General

  • Target

    2fd50e5697f2d8aa6f9bea9d946b1fbf6145aedd6cca90ee4032cbbae229e934

  • Size

    656KB

  • Sample

    231023-ejadvsfg77

  • MD5

    fe3629f841657d1ae164d8350eef1009

  • SHA1

    a9026e2e80aaa7393a7e4dd2a39acc64d19ead0a

  • SHA256

    2fd50e5697f2d8aa6f9bea9d946b1fbf6145aedd6cca90ee4032cbbae229e934

  • SHA512

    b5f85e540c21bfbd363be902a4c9cf4662181534d855b497bfd9d1af1671d0f0f981661e1e71fa93c7177071048affc69ae86f16fe45fbdbc0fbc13a4f0cc738

  • SSDEEP

    12288:vM5aM2gR/mZRM+BI02IoystoB6q8BfnXEpjevIHvhLmwVvIq7yg7o:xgkZR5SjIhsI8RAOIHwAvIa

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o5gu

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext