General

  • Target

    2eadbbb63c8c36c588958484ad8d5a044a689f72ea3cc81a9dcf4b1a829ff7e9

  • Size

    770KB

  • Sample

    231024-kvjpkadf69

  • MD5

    2ae5024147f938d7ad4bfa641185b8a2

  • SHA1

    57b2354e30db76b3117a4b66c8f6799b60712898

  • SHA256

    2eadbbb63c8c36c588958484ad8d5a044a689f72ea3cc81a9dcf4b1a829ff7e9

  • SHA512

    88e7c36b1ec7dca49a6659a53867f76c213ea6eed286be32c0de27be123b08aa59539d9f7b44354b44df3b60664b464857dd8620b2b5ab07d88fa7f482e09a9e

  • SSDEEP

    12288:MSRpYK2LTwmolPMwpzjCtIb+Jehw938bmibUBE/P4:NuTwhPTjJbk938nbUBEH

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
