General

  • Target

    Pending Foreign Advance Payment Report.exe

  • Size

    590KB

  • Sample

    231022-jh5wlaec2v

  • MD5

    2157203a20adcc37c0989dbec2d904d9

  • SHA1

    8100db1c4bd334bc6ecc7213a93afcdc52209ea2

  • SHA256

    93f2598fd6e895e67afdd3393a472581f565c8bf43e4c00f883e51fcbc8df315

  • SHA512

    c712e428f81cd6bd1169d0a518542ad1c6cbe58c891ee4e8076d423aa8334d658ded68cd945fed414a558f140acf7882b27735db22ab283eabb87ae18bf92c31

  • SSDEEP

    12288:x9W1vjJGGna1GitvH9GU712pXTECC/AOwM4ASIHXEjDmQBP0Z7WK/1:x9W1LJ1na1GitvH9f718TEx/ABM4kHik

Malware Config

  • Extracted

    • Family

      formbook

    • Version

      4.1

    • Campaign

      ls02

    • Decoy

      vocabularybot.com
      invisalignsmilesolutions.xyz
      sleepdisorderinsomnia.com
      bern.beauty
      ahazmcdris.top
      21874960sie8ca1.store
      yeitced.xyz
      biggerpictureventures.com
      alduhagroup.com
      itsolutions.biz
      0oq6y.com
      wildpolis.com
      mariobet469.com
      brynnwpods.com
      tastywin.com
      cou2m1.com
      newaitrucks.com
      puremeans.studio
      mitienda-la.com
      jujuresorthotel.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks