General

  • Target

    file.exe

  • Size

    691KB

  • Sample

    231024-f9gfjaah2y

  • MD5

    5a79f40ca8df2b7b10414dc1445fe4e7

  • SHA1

    d0c7b70af48ba6534283af5fcfe16a340892fb8e

  • SHA256

    67489279b14b30ad57178036c4c6d04037a31c41841eb812231dcf8c921f8b18

  • SHA512

    e52c687c6fab7f20c6c34acff00a257ff2c080f8a4d20d500016bb8f412e2a445e3714288edf847f4891a2d55136e5f4d34114e07bff78e1cfed090a58df8b35

  • SSDEEP

    12288:mhNh6sxTA6qNhOnnnGitbqmh5f1YA5z+SkV+LrCBYDzSisuY8DXnaCP+SdCs8+mU:mDDxs6gknZdz1YA5+WLDvxsuY8DXa7Sn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ur25

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
