General

  • Target

    Quote Request.exe

  • Size

    593KB

  • Sample

    231022-jh57csec2w

  • MD5

    010c9d1a915b7550181014f34ed12a80

  • SHA1

    687bb9aa1047c3d19e76570e130d5efe76a9a336

  • SHA256

    ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997cc

  • SHA512

    2f15d87d03e3e2c6d007ae4668c294094eb6e570532eb596fa8d5955d857198c2ee7789ff72eb4928ace201cc6f4e5b183e15d076235948df27647af3732c5ae

  • SSDEEP

    12288:2OW1vjJGGna1q5IscdEjcdja5VySGJE6awd6jQH171BFM2AYOMgKqhxgyVMwl1:2OW1LJ1na1Or0E4dj4+Ei/BFMlRMgt4M

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    5nd2

  • Decoy

    soulalchemyhub.com
    geisa24.online
    1c0v9.xyz
    marcomarzadori-shop.com
    yarn360.net
    coding-bootcamps-57448.bond
    kjtrhtsd.top
    83b52.com
    xiaomadou8.com
    d4rk23.com
    abdg1.com
    clientunlimited.com
    29981e.shop
    scshuixie.fun
    erxbet171.com
    yiyageshafa.com
    salju4d5.com
    valentinpfaffenwimmer.com
    profitecnicaingenieria.com
    dohafintech.net

Targets

    • Target

      Quote Request.exe

    • Size

      593KB

    • MD5

      010c9d1a915b7550181014f34ed12a80

    • SHA1

      687bb9aa1047c3d19e76570e130d5efe76a9a336

    • SHA256

      ccd3d1ec6d5b5723225b7d0c6488de099b2b22c5b70bc1c521c148160f5997cc

    • SHA512

      2f15d87d03e3e2c6d007ae4668c294094eb6e570532eb596fa8d5955d857198c2ee7789ff72eb4928ace201cc6f4e5b183e15d076235948df27647af3732c5ae

    • SSDEEP

      12288:2OW1vjJGGna1q5IscdEjcdja5VySGJE6awd6jQH171BFM2AYOMgKqhxgyVMwl1:2OW1LJ1na1Or0E4dj4+Ei/BFMlRMgt4M

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks