General

  • Target

    tmp

  • Size

    375KB

  • Sample

    231024-dt6pdaac2y

  • MD5

    ad0713c972602940e7e50380048ffd9e

  • SHA1

    3647059e2c3612dcb5a9853729f5881c011610ba

  • SHA256

    83fe062cb82d518d92a41e899c47291e38a613eb7b3c043712f6f20bb7d98bee

  • SHA512

    b944b770cef48eea80b0e39737223be9c1e0d35c6ee6023a38125ec4d3b2ff32fdf0438aa3f9071f6001afa3a87683c6eeb40136f02e2a588d8adbd1bfedef57

  • SSDEEP

    6144:zfL+oqfWIvcaJbkGWG5IluUXB/EU1TnG+g+B+CTcoAvsfUoKLKHePB0tfT6kW9Z:zfLfIvcEbkGWG5ITlS+gu+CTcoo4U1LZ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks