General

  • Target

    bnY2j1hTDlb4vxF.exe

  • Size

    610KB

  • Sample

    240402-hvcj5sae8s

  • MD5

    0b90be647821fb3812e6c340c6587fae

  • SHA1

    04ee5bf64f4fd6a512828a818c110697d19f18ab

  • SHA256

    12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4

  • SHA512

    d348ece6997947050c8b3c01df55f157767444892196c0bd001012c36c610b93696853f35080551e10bec6f4a15c1098cd1132acab84a697c4fed07deac34ab6

  • SSDEEP

    12288:233bFUoSfRmhTIJgWGdm6HrC/QpCiriaEHCnLEovkR:23pqf8TIJge6HrCy6hHCLEd

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ns03

Decoy

dipity.tech

agathis.fun

ekaterinai.store

elizabethsbookshelf.com

smilesustainably.com

tapeworm.xyz

beatricesswarthout.xyz

nsrpackersandpackers.in

yedxec.xyz

gildedbeautyaesthitics.com

hanibalbechar.com

fichaphuman.net

adilosk.shop

geezaran.com

ventasemail.com

phonecasesdirect.store

rctjuc.shop

sukimossmanagement.com

caller-id.today

kft07.vip

Targets

    • Target

      bnY2j1hTDlb4vxF.exe

    • Size

      610KB

    • MD5

      0b90be647821fb3812e6c340c6587fae

    • SHA1

      04ee5bf64f4fd6a512828a818c110697d19f18ab

    • SHA256

      12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4

    • SHA512

      d348ece6997947050c8b3c01df55f157767444892196c0bd001012c36c610b93696853f35080551e10bec6f4a15c1098cd1132acab84a697c4fed07deac34ab6

    • SSDEEP

      12288:233bFUoSfRmhTIJgWGdm6HrC/QpCiriaEHCnLEovkR:23pqf8TIJge6HrCy6hHCLEd

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks