General

  • Target

    NEAS.84843f8198544b95393c49ed0b157c80.exe

  • Size

    594KB

  • Sample

    231022-vxz5fage75

  • MD5

    84843f8198544b95393c49ed0b157c80

  • SHA1

    5a2a4bc8da48e91961f06210a36e060f2743e5f2

  • SHA256

    8a7d0f98bf7bdba1f546de3a59dd2d83b6bb0b93c4b0d1fbad38c70a843157ee

  • SHA512

    1702144bff2bcceef650e85b0da0e3c2a1ba1f76fe3d0e52ac4b9b942cd9b259677e53ad029fc6e57bfd9987e67a1e1203c77eab8cfd94a3e447c0b273293e60

  • SSDEEP

    12288:C6KkZ86r1NlIsx9b8f0uA6b+F5Ud+HAkNYWGgPcCP+nj7bgR/mZRM+:C6KYPNlHxIp/Q5UaSWDuj/gkZR5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k0p2

Decoy


Targets

    • Target

      NEAS.84843f8198544b95393c49ed0b157c80.exe


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
