General

  • Target

    841031a37159398b8eebca7bb7eff56b.exe

  • Size

    813KB

  • Sample

    231024-g68laabb8t

  • MD5

    841031a37159398b8eebca7bb7eff56b

  • SHA1

    1848cf9917341a151a4cd8c3ff041525a4d075eb

  • SHA256

    0ad9757a6895b3595b4eaa5a71cca88d658a1c21f335b8d3268949d659e27fda

  • SHA512

    703be883819631d73c3ecdaab42b73464b1e81072d68a665d551dcc393d3b2b002bf2929a6a9b1f1b17e6de352458bbffe6a7e24a463fe661549202b7bcf42d7

  • SSDEEP

    12288:TMGI/MtgR/mZRM+BYkElTBtzeACtg1Uf10nhLnxeTLE39oexn3SJ:p1gkZR5+k2Dk10nsL4eexn

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs10

Decoy

Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks