General

  • Target

    JPG-68376878978-SSG TENDER REQUEST.JPG.exe

  • Size

    592KB

  • Sample

    231024-gs6vjaba5z

  • MD5

    64df2da0575e7029bdadc77391850550

  • SHA1

    b634fafdaa6e58f240b255a950ac1c049cbcbaba

  • SHA256

    24e10f5915004000ec4bedf2c9f7a86dabb0480391b75b97af0c16c6151685b8

  • SHA512

    4743239362b8e27e1509d1aa53dc88ebd45ffcc5545d76693cd7aa89fd7b9fb99cf16485d77a8151694256f2f30568978ab2a1a93ad68ee1e09d9d0abf067047

  • SSDEEP

    12288:8zfqBuPR96HVg++4PjhPTYrV0FVhtywooD8vJoAOP3z8iz2CX+:8T6Io/jJTM0HywvDGsPD8n

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ifrg

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks