General

  • Target

    8e0cab6e15c8ecf53d170b396a5cdb6db74f1a8cc5bfd408ef5d480f25fa358c.r01

  • Size

    563KB

  • Sample

    240403-byxwxsbh81

  • MD5

    0b9273379154c4aa08253e7fa8e63acf

  • SHA1

    2204765403517080e653c8171fe30975d43c681e

  • SHA256

    8e0cab6e15c8ecf53d170b396a5cdb6db74f1a8cc5bfd408ef5d480f25fa358c

  • SHA512

    8b8a06729b27f8b16528b624807b3835cb7198f81136a940586f83d1ab4d0562292c332c25187f8315e4979712af3a168c6903c8b3ca4754a757eed62913b866

  • SSDEEP

    12288:IQQYDSNgtDd84RF1WcEoKGH0nRj4GscglyOUTPEfVOUhZfxovrDvgBSNt:crw1WM0JrmlyOaPEfwoxxQR

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ns03

  • Decoy

    dipity.tech
    agathis.fun
    ekaterinai.store
    elizabethsbookshelf.com
    smilesustainably.com
    tapeworm.xyz
    beatricesswarthout.xyz
    nsrpackersandpackers.in
    yedxec.xyz
    gildedbeautyaesthitics.com
    hanibalbechar.com
    fichaphuman.net
    adilosk.shop
    geezaran.com
    ventasemail.com
    phonecasesdirect.store
    rctjuc.shop
    sukimossmanagement.com
    caller-id.today
    kft07.vip
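A practical use of the extracted config above is to sweep resolver or proxy logs for the listed domains. The script below is an added example and is not part of the sandbox report: the domain list is copied from the config, while the log format, client addresses and hostnames are constructed for the demonstration. Matching is done on label boundaries (so a lookalike such as notdipity.tech does not match dipity.tech) and tolerates a www. prefix and a trailing root dot. Because Formbook beacons to its decoy domains as well as to its real C2, the useful signal is how many distinct config domains a single host resolves in a short window, not a single hit on what may be a legitimate site used as a decoy.

```python
"""Sweep DNS query logs for the Formbook 4.1 / ns03 domains extracted above.

Added example, not part of the sandbox report. The domain list comes from the
report; the log lines, clients and extra hostnames below are constructed.
"""
import re
from collections import defaultdict

# Decoy / C2 candidate domains from the extracted config (campaign ns03).
FORMBOOK_NS03_DOMAINS = frozenset([
    "dipity.tech", "agathis.fun", "ekaterinai.store", "elizabethsbookshelf.com",
    "smilesustainably.com", "tapeworm.xyz", "beatricesswarthout.xyz",
    "nsrpackersandpackers.in", "yedxec.xyz", "gildedbeautyaesthitics.com",
    "hanibalbechar.com", "fichaphuman.net", "adilosk.shop", "geezaran.com",
    "ventasemail.com", "phonecasesdirect.store", "rctjuc.shop",
    "sukimossmanagement.com", "caller-id.today", "kft07.vip",
])

# Constructed resolver log (key=value, one query per line). Not real data.
SAMPLE_DNS_LOG = """\
2024-04-03T10:15:01Z client=10.0.0.12 qname=www.dipity.tech. qtype=A
2024-04-03T10:15:01Z client=10.0.0.12 qname=www.agathis.fun. qtype=A
2024-04-03T10:15:02Z client=10.0.0.12 qname=www.tapeworm.xyz. qtype=A
2024-04-03T10:15:02Z client=10.0.0.12 qname=WWW.KFT07.VIP. qtype=A
2024-04-03T10:15:03Z client=10.0.0.12 qname=update.example.org. qtype=A
2024-04-03T10:16:44Z client=10.0.0.57 qname=elizabethsbookshelf.com. qtype=A
2024-04-03T10:16:45Z client=10.0.0.57 qname=notdipity.tech. qtype=A
malformed line without fields
"""

# Assumed log layout for this example: timestamp, client=, qname=, qtype=.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+qname=(?P<qname>\S+)\s+qtype=(?P<qtype>\S+)$"
)


def normalize(qname):
    """Lower-case and strip the trailing root dot that resolver logs often keep."""
    return qname.rstrip(".").lower()


def matching_config_domain(qname, domains=FORMBOOK_NS03_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.

    Suffixes are tested on label boundaries, so 'notdipity.tech' is not a
    match for 'dipity.tech' while 'www.dipity.tech' is.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_log(log_text, domains=FORMBOOK_NS03_DOMAINS):
    """Parse each line and return (ts, client, qname, matched_domain) hits.

    Lines that do not fit the expected layout are skipped, not fatal.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = matching_config_domain(m["qname"], domains)
        if hit:
            hits.append((m["ts"], m["client"], normalize(m["qname"]), hit))
    return hits


def hosts_by_distinct_domains(hits):
    """Map client -> set of distinct config domains it resolved.

    Formbook contacts the decoys as well as its real C2, so an infected host
    touches many listed domains in a short window; a host with a single hit
    may only have visited a legitimate site that the config uses as a decoy.
    """
    per_host = defaultdict(set)
    for _ts, client, _qname, domain in hits:
        per_host[client].add(domain)
    return dict(per_host)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_DNS_LOG)
    ranked = sorted(hosts_by_distinct_domains(hits).items(), key=lambda kv: -len(kv[1]))
    for client, domains in ranked:
        print(f"{client}: {len(domains)} distinct config domains -> {sorted(domains)}")
```

Point the scan at a real resolver export by replacing SAMPLE_DNS_LOG and adjusting LOG_RE to the export's layout; the domain-matching and per-host ranking do not depend on the log format.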

Targets

    • Target

      bnY2j1hTDlb4vxF.exe

    • Size

      610KB

    • MD5

      0b90be647821fb3812e6c340c6587fae

    • SHA1

      04ee5bf64f4fd6a512828a818c110697d19f18ab

    • SHA256

      12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4

    • SHA512

      d348ece6997947050c8b3c01df55f157767444892196c0bd001012c36c610b93696853f35080551e10bec6f4a15c1098cd1132acab84a697c4fed07deac34ab6

    • SSDEEP

      12288:233bFUoSfRmhTIJgWGdm6HrC/QpCiriaEHCnLEovkR:23pqf8TIJge6HrCy6hHCLEd

    • Formbook

      Formbook is an information stealer and form grabber that harvests credentials, keystrokes and clipboard contents from browsers and other applications and exfiltrates them to its C2.

    • Detects executables packed with SmartAssembly

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks