General

  • Target

    6ebb994d00938e37d43b4cb66fd5356d.exe

  • Size

    456KB

  • Sample

    231022-xd2v2aeb72

  • MD5

    6ebb994d00938e37d43b4cb66fd5356d

  • SHA1

    48a7117f5ed601381d744f949b66529e52251343

  • SHA256

    69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2

  • SHA512

    d9de4847d0cc0d9073bd8b4f6062014c37d9394baf8aeb912af5ad3078401e1a8ad25abfe943100f4c41cb64561d3e5bd2f8835cd881f0658ff9ebc8b2681266

  • SSDEEP

    12288:KfLRrNGaW112bN1wW5I1UrqNnEKiIYZ6U0RsRJVlBMlh:KfL5NGa01WN5gEf6Wpoh

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge06

Decoy

azaharparis.com

nationaleventsafety.com

covesstudy.com

quinshon4.com

moderco.net

trailblazerbaby.com

time-edu.net

azeemtourism.com

anakmedan3.click

bookinternationaltours.com

ulksht.top

newswirex.com

dingg.net

waveoflife.pro

miamirealestatecommercial.com

rtplive77.xyz

bowllywood.com

automation-tools-84162.bond

booptee.com

ebx.lat

Targets

    • Target

      6ebb994d00938e37d43b4cb66fd5356d.exe

    • Size

      456KB

    • MD5

      6ebb994d00938e37d43b4cb66fd5356d

    • SHA1

      48a7117f5ed601381d744f949b66529e52251343

    • SHA256

      69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2

    • SHA512

      d9de4847d0cc0d9073bd8b4f6062014c37d9394baf8aeb912af5ad3078401e1a8ad25abfe943100f4c41cb64561d3e5bd2f8835cd881f0658ff9ebc8b2681266

    • SSDEEP

      12288:KfLRrNGaW112bN1wW5I1UrqNnEKiIYZ6U0RsRJVlBMlh:KfL5NGa01WN5gEf6Wpoh

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks