General

  • Target

    27816f5bbff9bb6d4cc2e1be225a435b

  • Size

    823KB

  • Sample

    231231-ep1g8sfhcm

  • MD5

    27816f5bbff9bb6d4cc2e1be225a435b

  • SHA1

    fd1f06a502d374711697015cc897fdb28e402e16

  • SHA256

    c2a7767b9323fd3630a56a3fb09a7884bd7dfb0f7146d5caafff472205e1ebdc

  • SHA512

    4bee32d2df168aeba05ceb9e511f84d4a7aa5d08c96047cf6ca0f3241e6d4fb8e4cf5e1cee3e6389e9ceaca400769032bd85b5f323975fdbed4963a3e5a7a217

  • SSDEEP

    12288:cTnbyyPuTtU9buOyHpBvygTUxiJKSflB88J7AtowemcjL8DP:crbyyWJpBvygA8Uil7ktUjcP

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bsdd

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware (an information stealer).

    • Formbook payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext