General

  • Target: Purchase Order.exe
  • Size: 593KB
  • Sample: 231022-jh57csga24
  • MD5: 7a93bc269b2ebe1348969bcef1267af2
  • SHA1: 7b54993eb8d2d9c7a1fa67d08152fc29f7f42cfb
  • SHA256: cab1239af46720e7dea7b06c3c9c6e3fc7928445e84db2636fb5427ae1ef4196
  • SHA512: a6cdeb0dc3ded21eda3c123b41812cf7f4caa3a9a5cca87c5080ab6dcc32dd771a050792b744ce4130579130a5fa24e475ed7bad8d41400f55e4f4aba0e5f4c1
  • SSDEEP: 12288:w6NL1vjJGGna1sJ3h6ioYT9KryxykutduJiYOX/F81:hNL1LJ1na1sR6ioYT9KrSyaJZh1

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: a9h3
  • Decoy domains:
      yimbyco.com
      goformyplanet.com
      cylegeorgedesigns.com
      scarmall.net
      v4xs654y.asia
      die-instandhalter.com
      julietheimpatientartist.com
      novoxvape.com
      faireco.life
      theoldcup.com
      creehackapk.xyz
      meineexperimentierseite.net
      gdriyue.icu
      sanmasan.com
      zoomtrakfauci.com
      youssion.com
      ovrconfidence.com
      kaapikadai.net
      lhgs5.com
      srgpatience.click

Targets

  • Target: Purchase Order.exe
  • Size: 593KB
  • MD5: 7a93bc269b2ebe1348969bcef1267af2
  • SHA1: 7b54993eb8d2d9c7a1fa67d08152fc29f7f42cfb
  • SHA256: cab1239af46720e7dea7b06c3c9c6e3fc7928445e84db2636fb5427ae1ef4196
  • SHA512: a6cdeb0dc3ded21eda3c123b41812cf7f4caa3a9a5cca87c5080ab6dcc32dd771a050792b744ce4130579130a5fa24e475ed7bad8d41400f55e4f4aba0e5f4c1
  • SSDEEP: 12288:w6NL1vjJGGna1sJ3h6ioYT9KryxykutduJiYOX/F81:hNL1LJ1na1sR6ioYT9KrSyaJZh1

  Signatures

  • Formbook
    Formbook is a data-stealing malware family.
  • Formbook payload
  • Suspicious use of SetThreadContext
