General

  • Target

    24102023_1632_24102023_PO8687.zip

  • Size

    621KB

  • Sample

    231024-kf81xabg3s

  • MD5

    db65d277a3f2141d010b4b099459b0df

  • SHA1

    c551237a5f213ebc9cc8619f9fda1d148ca44125

  • SHA256

    39292ee98e42a063b2102637d38891e7766c3f5336274e87a843beb43b68022e

  • SHA512

    ceb841a76dac3aa32b6f3a43b879f6a412b4ff9bd8b1125ba5f9e3dc8b2f30005f50b1d114d5fb9635e46cd120e1a1c97496b8e66c58ddbae1100035fc9bacbb

  • SSDEEP

    12288:hbCTWN5P7HuZeeQZq+bPiK9bzMl+v3cIt5LDL3XqYBl7Ef1ZJbB2xfORaF:hbEeZ1cl+RnDXqYBlwtBgF

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ro12

  • Decoy


Targets

    • Target

      PO8687.exe

    • Size

      833KB

    • MD5

      1dd1306ed0bbb1f33ba73c6d4d7d1356

    • SHA1

      84c1e911a3645552216c3df29e3b91af522105e3

    • SHA256

      ae9ece15dac6f70aa1916275051402816ef39d85c6322c153e8afe0ba22ab26d

    • SHA512

      dc14f1a4d04f88d50f3e2ed5db8b1619c93eec9bf8c4e8353832ae79be61425ec76432b09190ae04f955f76383c75dff5877198fe6cf597a48fb9273230cfd26

    • SSDEEP

      12288:jsxTA6qC3ZEeQ7q+bZiK9HzMl90/BkxepwguAFYJHmcXE3SJ:Qxs67EZl4lI+epxu9JHHU

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks