General

  • Target

    a4c0d57544223406171313e236825d0156eeb6198b07a3606b5ed6582915ba39

  • Size

    676KB

  • Sample

    231024-a5pnfsbc83

  • MD5

    078145e739672f6cb7103e68005a5bee

  • SHA1

    7aefac56a0d62f358ab44048e2be82898559c7aa

  • SHA256

    a4c0d57544223406171313e236825d0156eeb6198b07a3606b5ed6582915ba39

  • SHA512

    e05246bbe5d86e13d57d4f00f16756a494707c077321df1d28ecd4e499e45514c3141c647937004c7ed9abed59fee1f8874f36033dbab5dae4545f814652414a

  • SSDEEP

    12288:usxTA6qFu5mDbBdDmwarhWU17CX5W1SNmVx/iSu4NmI4qRVyHok:xxs63SbHnar08kQAmfKEUq/A

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    oy30

  • Decoy

    rfc234.top
    danielcavalari.com
    elperegrinocabo.com
    aryor.info
    surelistening.com
    premium-numero-telf.buzz
    orlynyml.click
    tennislovers-ro.com
    holdmytracker.com
    eewapay.com
    jaimesinstallglass.com
    damactrade.net
    swapspecialities.com
    perfumesrffd.today
    salesfactory.pro
    supportive-solutions.com
    naiol.com
    khoyr.com
    kalendeargpt44.com
    web-tech-spb.store
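The extracted config is the actionable part of this report for a defender: the file hashes identify the dropper, and the domain list (Formbook mixes its real C2 with decoy domains, some of which can be legitimate sites, so a DNS hit is a lead rather than proof of infection) is what to hunt for in DNS and proxy logs. The following Python script is an added example and is not part of the sandbox output. It loads the reported hashes and domains and searches constructed dnsmasq-style query lines (the log lines, client IPs and timestamps are made up for illustration) and a byte buffer for matches.

```python
"""Hunt for the IOCs from this Formbook report in DNS logs and file hashes.

Added example, not part of the sandbox report. The log lines below are
constructed for illustration; only the hashes and domains come from the report.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Decoy/C2 domains from the extracted config (family formbook 4.1, campaign oy30).
DECOY_DOMAINS = {
    "rfc234.top", "danielcavalari.com", "elperegrinocabo.com", "aryor.info",
    "surelistening.com", "premium-numero-telf.buzz", "orlynyml.click",
    "tennislovers-ro.com", "holdmytracker.com", "eewapay.com",
    "jaimesinstallglass.com", "damactrade.net", "swapspecialities.com",
    "perfumesrffd.today", "salesfactory.pro", "supportive-solutions.com",
    "naiol.com", "khoyr.com", "kalendeargpt44.com", "web-tech-spb.store",
}

# File hashes of the analysed sample, as reported.
FILE_HASHES = {
    "md5": "078145e739672f6cb7103e68005a5bee",
    "sha1": "7aefac56a0d62f358ab44048e2be82898559c7aa",
    "sha256": "a4c0d57544223406171313e236825d0156eeb6198b07a3606b5ed6582915ba39",
}


def normalize_domain(name: str) -> str:
    """Lower-case a queried name and strip whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matches_ioc_domain(query: str) -> Optional[str]:
    """Return the IOC domain that `query` equals or is a subdomain of, else None.

    Matching on a label boundary ('.' + domain) avoids false hits such as
    'notnaiol.com' matching 'naiol.com'.
    """
    q = normalize_domain(query)
    for dom in DECOY_DOMAINS:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


# Constructed dnsmasq-style query log (hypothetical hosts and clients).
SAMPLE_DNS_LOG = """\
Oct 24 10:01:02 dns dnsmasq[1234]: query[A] www.example.com from 10.0.0.5
Oct 24 10:01:03 dns dnsmasq[1234]: query[A] www.rfc234.top from 10.0.0.23
Oct 24 10:01:04 dns dnsmasq[1234]: query[A] EEWAPAY.COM. from 10.0.0.23
Oct 24 10:01:05 dns dnsmasq[1234]: query[A] notnaiol.com from 10.0.0.9
"""

# dnsmasq logs queries as "query[TYPE] <name> from <client>".
QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")


def hunt_dns(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, normalized_name, matched_ioc) for every IOC hit."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name, client = m.groups()
        ioc = matches_ioc_domain(name)
        if ioc:
            hits.append((client, normalize_domain(name), ioc))
    return hits


def hash_matches(data: bytes) -> List[str]:
    """Return the algorithms whose digest of `data` equals a reported hash."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [alg for alg, digest in digests.items() if digest == FILE_HASHES[alg]]


if __name__ == "__main__":
    for hit in hunt_dns(SAMPLE_DNS_LOG):
        print("DNS hit: client %s queried %s (IOC %s)" % hit)
    # A buffer that is not the sample produces no hash match.
    print("hash matches for a zero buffer:", hash_matches(b"\0" * 16))
```

Run it against a real export by replacing SAMPLE_DNS_LOG with the log contents and passing file bytes to hash_matches; the hits from the constructed log are the two queries from 10.0.0.23, while notnaiol.com is correctly ignored.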

Targets

    • Target

      a4c0d57544223406171313e236825d0156eeb6198b07a3606b5ed6582915ba39

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads.

    • Formbook payload

      The in-memory payload matched the sandbox's Formbook detection; the extracted config above comes from it.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API used to redirect a thread to injected code (process hollowing/injection), which is how Formbook runs its payload inside another process.
