General

  • Target

    78d449904f1a8a3000a3ba549dba764e.exe

  • Size

    614KB

  • Sample

    231024-g68ahsbb71

  • MD5

    78d449904f1a8a3000a3ba549dba764e

  • SHA1

    406d377445ee71f514c52067f9fef4d6fa21dc46

  • SHA256

    eb2c77eb03b17cdb76301d30bf4b07d97f3d0a742d198cf84a191c8271a42b4a

  • SHA512

    c15a3100d400eeb212d03ed8fb71a42a963360a3ef7742da1b3544224b4ca29708afe1c94630379267d13ab5feabf102e3386135ffb727c754189a96c3c8974e

  • SSDEEP

    12288:+hNh6sxTA6qNhOX/aGLLoT+R13rArzxC7uSbSImwcdVJLXKYkYXEZVWmB1owh:+DDxs6gnqPxAzxC7vb0nJLyYXKW+1ow

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o5pf

Decoy

Targets

    • Target

      78d449904f1a8a3000a3ba549dba764e.exe

    • Size

      614KB

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
