General

  • Target

    SAMPLE SPECS 80470.IMG.lzh

  • Size

    568KB

  • Sample

    231024-g5gfeada58

  • MD5

    c041b0bdee70ee9f4f3f40d6e7c367ad

  • SHA1

    4a334a31f259f3bcca66ebeeccbf913f749ed0ff

  • SHA256

    d4b03adc9f43fdf72e1fdf48f76abd3a7404e91811cb91e0d6050631d8f9428e

  • SHA512

    4dad8ffb10f9e4b5e7f930ea91240ca86a7cf1f25b998cdd89f2347aed463025d62542060c44957f9098f997c0125795224863b87959ed9a13225f0b71bd24b8

  • SSDEEP

    12288:rkDR3xMefx0lX7+m4VFdoux/Onbj9Heu1cS+8s4B/9NNMkMoNm:r4De57aToht7+S+ANNM93

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ifrg

  • Decoy


Targets

    • Target

      SAMPLE SPECS 80470.IMG.exe

    • Size

      594KB

    • MD5

      042ccf0e2d6aef91955adfb73a0ca523

    • SHA1

      9a1665d41ccd27de2543a8f1f22ca126376ac4e0

    • SHA256

      11270e75f748238153400a6756b6c6910308da6788734fc0ea1f18e1958aecf3

    • SHA512

      165ffffce36767d09ec8150479c3d34a38b97f0205eb4e2b22ff9874c8fdfb801036c779eb58823e4546c5e69c93bd4ca0ca5ea1a2e5fa415956c3e858d7e1bf

    • SSDEEP

      12288:nzfqBuaTijlCOW7FtRbb/SvCBQRYLBHaS+p8kNxcJ0adaMbVqWe/7f:nT6Ti0TL9jBQR8BHxkN8dEWY7

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks