General

  • Target

    6ebb994d00938e37d43b4cb66fd5356d.bin

  • Size

    433KB

  • Sample

    231024-b8d7kabf44

  • MD5

    ad9a02d8f0d5a5707df27532563d1e44

  • SHA1

    87cb1567c37df7e33a72e2805970cac96c3202eb

  • SHA256

    a7a6c5bf473191aca979f55298e8ba54b9e1731e5a1da5117aa1603eb9720499

  • SHA512

    933bf97f89ab9e7a3973d3c53c7ad2701a3c44cea76945ab881bc0b457e90c7f7766a7761505d1ff2023d3c61c4ba1297cc08b3ef82275cebb14e22998ad6c66

  • SSDEEP

    12288:g9OKfqCKnwHFo4MzBNwk6vliuOz4fng+it4EKPLOgdD:g4htnw64MdNwHtfHEKPaKD
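Before trusting a sandbox verdict, check that the file you hold is the one the report hashed. The values above describe two different objects: the submitted container (the .bin, 433KB) and the executable that was extracted from it (listed under Targets, 456KB); the container's file name is the MD5 of that inner executable. The Python below is an added example, not part of this report or of the sandbox's tooling. It streams a local file through the four digests the report lists and returns which, if any, disagree with the reported values; the hash constants are copied from this page.

```python
import hashlib
from pathlib import Path

# Digests exactly as listed in this report, keyed by the file name the
# report uses (the submitted container and the extracted executable).
REPORTED = {
    "6ebb994d00938e37d43b4cb66fd5356d.bin": {
        "md5": "ad9a02d8f0d5a5707df27532563d1e44",
        "sha1": "87cb1567c37df7e33a72e2805970cac96c3202eb",
        "sha256": "a7a6c5bf473191aca979f55298e8ba54b9e1731e5a1da5117aa1603eb9720499",
        "sha512": "933bf97f89ab9e7a3973d3c53c7ad2701a3c44cea76945ab881bc0b457e90c7f"
                  "7766a7761505d1ff2023d3c61c4ba1297cc08b3ef82275cebb14e22998ad6c66",
    },
    "69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2.exe": {
        "md5": "6ebb994d00938e37d43b4cb66fd5356d",
        "sha1": "48a7117f5ed601381d744f949b66529e52251343",
        "sha256": "69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2",
        "sha512": "d9de4847d0cc0d9073bd8b4f6062014c37d9394baf8aeb912af5ad3078401e1a"
                  "8ad25abfe943100f4c41cb64561d3e5bd2f8835cd881f0658ff9ebc8b2681266",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """All four digests the report lists, as lowercase hex, for an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, but streamed so a large sample is never fully in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Names of the algorithms whose expected value differs from the computed one.

    Only algorithms present in `expected` are checked, and the comparison is
    case-insensitive so a hash pasted in upper case still matches.
    """
    return sorted(
        alg for alg, value in expected.items()
        if actual.get(alg, "").lower() != value.lower()
    )


def verify_sample(path, report_name: str) -> list:
    """Hash a local file and compare it with the report entry of that name."""
    return mismatches(hash_file(path), REPORTED[report_name])


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        name = Path(arg).name
        if name not in REPORTED:
            print(f"{name}: not listed in this report")
            continue
        bad = verify_sample(arg, name)
        print(f"{name}: {'all digests match' if not bad else 'MISMATCH in ' + ', '.join(bad)}")
```

Run it with the path to the downloaded container or the carved executable; any algorithm named in the output means you are not looking at the object this report describes.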

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge06

Decoy

azaharparis.com

nationaleventsafety.com

covesstudy.com

quinshon4.com

moderco.net

trailblazerbaby.com

time-edu.net

azeemtourism.com

anakmedan3.click

bookinternationaltours.com

ulksht.top

newswirex.com

dingg.net

waveoflife.pro

miamirealestatecommercial.com

rtplive77.xyz

bowllywood.com

automation-tools-84162.bond

booptee.com

ebx.lat

Targets

    • Target

      69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2.exe

    • Size

      456KB

    • MD5

      6ebb994d00938e37d43b4cb66fd5356d

    • SHA1

      48a7117f5ed601381d744f949b66529e52251343

    • SHA256

      69585ae659cf7e13dd4c48f8d3109c5e219cb37f266a3aed6d0e0aac051e89b2

    • SHA512

      d9de4847d0cc0d9073bd8b4f6062014c37d9394baf8aeb912af5ad3078401e1a8ad25abfe943100f4c41cb64561d3e5bd2f8835cd881f0658ff9ebc8b2681266

    • SSDEEP

      12288:KfLRrNGaW112bN1wW5I1UrqNnEKiIYZ6U0RsRJVlBMlh:KfL5NGa01WN5gEf6Wpoh

    • Formbook

      Formbook is an information stealer: it captures keystrokes, clipboard contents and web-form submissions from browsers and other applications, harvests stored credentials, and sends the collected data to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks