General

  • Target

    BOQ- AE200073490.exe

  • Size

    591KB

  • Sample

    231022-jgd2gsfh82

  • MD5

    03ba07ae9665412a170bbe06dd55d724

  • SHA1

    060461b26a84d0db8609404c5f1c7977b3b5a7d0

  • SHA256

    a40c92a00ca0f04cd04883d555859cf2c8e884a01329defd3631c7cc61204ff8

  • SHA512

    d7db15a5457c9ebe8e2cf39689e7c89de70c5870e2bc26aab6258b258f09d8ae06991cad12c07dcbd39f130e22cc5645ac7d4ec3e96ac75f39187f2438a99511

  • SSDEEP

    12288:L8zS55mFzy6+NeUKIDG96nhL2Gq89z/s9lVgkVsWjb/5lojH:Lf55qCNeQa0u89TKlVgcjb8jH

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    hinf

  • Decoy

    (list of decoy domains)

Targets

    • Target

      BOQ- AE200073490.exe


    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
