General

  • Target

    FTT63730923.exe

  • Size

    590KB

  • Sample

    231022-jgeb9afh84

  • MD5

    e085287e182e1fe1afc6136e08639b49

  • SHA1

    5eb95ee31e92596ab20100ad13358c5e214c20cf

  • SHA256

    2f717becc408420e2dfdcac5643bcf420ce2a8e3e28320c23b3db7a489235f2a

  • SHA512

    0a22ce57d336d07ece3121144c9aa67a5db67164782cf53e60ecd3689e8ba6af6f0d4ed49dbf9b7afdabee4cd24c61d105083104740b02f7beb8ee1927674414

  • SSDEEP

    12288:u8zS55mFzhcNurziYbsFTzKyGvmKE8GJnff5VBJSCQ:uf55qF6urz9IFPOuZ5nsJ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy12

Decoy

Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
