General

  • Target

    9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe

  • Size

    537KB

  • Sample

    231127-vhnsvsad5z

  • MD5

    eddb45e0917911908d24f104fcf134dd

  • SHA1

    09c5c74cdb780570b97d953b6c64aa519eb352be

  • SHA256

    9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351

  • SHA512

    f261a60e021e092eb008f2b53ac57e054adc48ad933aebdc36cce2e3f10a005ba42c5b1a1b6031da7d75ce95415f14434f8e32f37f593b6dac796ba13166e2c4

  • SSDEEP

    12288:1y8o94Kms3Y4K/O0nCQJ47/znWk/eFecVPuLWnVerFVCKEH:1FCiALixnd2jW+ykVpV1e

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gy14

  • Decoy


Targets

    • Target

      9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks