General

  • Target

    354bb2d5a03e3c1d041730e3478e80ab5a264fd852e146e880834a346fc63579.zip

  • Size

    400KB

  • Sample

    231022-vlnbhadc48

  • MD5

    595ab75f55a28ebeeb2e627c51877338

  • SHA1

    cf59f85258a435e0da826fc92824f4818532e335

  • SHA256

    cf62503f1546dec846a036db8ece217cf8398d940621e063de6823e2362c42e5

  • SHA512

    cae7637ce5d2bd269185b2da2cf21f5d8daa9ffd190043cf4b86f01bbe69cc3bc8044920046f5e858bcb69bed952df1d81c27601cd7006fe618b5deeb7ff1622

  • SSDEEP

    6144:t/hcnQjreyOQOZRCRmHY4qIt7WVGYYVXtUUzv37wyYJfTpAE985UmvH1fAXaZCfF:lhbjq9vdY4qIhWwNVXugTYJ9B9O1fohF

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sy22

  • Decoy


Targets

    • Target

      354bb2d5a03e3c1d041730e3478e80ab5a264fd852e146e880834a346fc63579.exe

    • Size

      426KB

    • MD5

      df247bbfaf91dbe0da4d79a04cfb5ca3

    • SHA1

      0d29cbfa4b746e71c680bbd56a6c51964fd9b1fa

    • SHA256

      354bb2d5a03e3c1d041730e3478e80ab5a264fd852e146e880834a346fc63579

    • SHA512

      ea413b9f389b9bb2bd8eaca5c3917a656840df5d48c5fb5478d9b453412fe941229cae535df587a66996acb9b96a4c692491ebe65a106d35eb0b757d6412286b

    • SSDEEP

      6144:zfL+oqgoT3oPrD68F2PD44p8Ls1k7n82iKGI3TmBp6CbspK7M2jtsftCq9CPbz:zfLCT21oy82PGIC/Bb8K7MNCB/

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks