General

  • Target

    IMG.00HJEIY PRICE-QUOTE SSG 0874087.R00

  • Size

    554KB

  • Sample

    231024-mjf6eacc2w

  • MD5

    a385f200176ae9bd01f4f6fdff239a6a

  • SHA1

    26872b5be85628b432ee45caa5201c4f894aec25

  • SHA256

    1b238c709bf27d31a7509cd6fccc6fe63ad2a3595a91634c912e3f46bdf3ba15

  • SHA512

    188cb3ffcf9621532ea5ddde063cc7a50fe2229f94240b17ef8d5a496b3fba2d3a3b893584d41a7f64877dd8ead5f9164739cd5a2a7d81f2e9141bd02463b1a4

  • SSDEEP

    12288:3PVYqntrrjF4w/cd/P57Gnm40Zge2tLC+RmC92A5:3PVYq9jF40c5FGn508C+Rm9A5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ifrg

Decoy

Targets

    • Target

      IMG.00HJEIY PRICE-QUOTE SSG 0874087.exe

    • Size

      604KB

    • MD5

      94c19a35210d356074c3cfaa1ea92350

    • SHA1

      c0ee6ed414e3a3a3b6c02ebb73dfcb761e276b3f

    • SHA256

      f1f7dcf88e6ca4fa8165311d3920015410923574ed2f84decec634adab432063

    • SHA512

      a0824111cb5cf4eb8f39a785189b66be396c8261dea9800df12dd25e0aca1f95dffafc44662c773c714fd981a95165afa19d0d7c06df26572cc51192dea98de6

    • SSDEEP

      12288:VzfqB+9TPTn4j+sBqGAbf54AZ+W0AouwDjPUM4JiCtg2q:VT6+FEqsBEN4K+WjwpIg

    • Formbook

      Formbook is an information-stealing malware family (infostealer) that harvests credentials and other data from the infected host.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (restricting execution to or excluding certain regions).

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks