General

  • Target

    Waybill_Documents_ 8973245761.exe

  • Size

    614KB

  • Sample

    231024-f9gfjacf82

  • MD5

    6c6b494076108f4180b42360dbf24c70

  • SHA1

    57c5df87cd289ec423b4b897d12c2cecde055f23

  • SHA256

    62f5f91f3533cffc8b6213b9cffeb8315f09d2219717d9477b08f470f312bc29

  • SHA512

    f0189be211dadda1c41bd163e9bf675d1cd89b05efc9a120adc1d50ac63697d94e46720513c5a9dc8f03547d5e4a957b60e7911873da6a6b676425469f9a478b

  • SSDEEP

    12288:7hNh6sxTA6qNhB6eN/v0/PnQqnqbJpCFfuiyaCAbT6YdeIh:7DDxs6g76eN/S/uJy8CbTSI

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ny02

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
