General

  • Target

    86104345f9894e11d5eff087eb4d18c29a4cbe90aa5d8f2d9462983010c5050a.exe

  • Size

    621KB

  • Sample

    240501-b46q1sda8s

  • MD5

    7c3ad5ed102c12c0f50c15f9d91f65bb

  • SHA1

    ab2485229421aea50edf7fbb75396000ec3867aa

  • SHA256

    86104345f9894e11d5eff087eb4d18c29a4cbe90aa5d8f2d9462983010c5050a

  • SHA512

    9128d056a8dc38b4b405cddcabd8fca35901a4f1ea6869857b067c0e721d3cbadb6113c93e189a63d59d2a4a0a8ac06876b2e4ea1da3f29bc35ee7d210ec2fd5

  • SSDEEP

    12288:TtueWFm+K+WmfYSXVcOqdoPhzKhim877a6UgEB+cDhbpwc4oFsj7odkR:gRFm+K+R2oPghi2GEImRpwDoWj7x

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cn26

Decoy

ajtsistemas.com

kolotylo.info

mraofficial.store

shopcupsareus.com

odishastatenews.in

yipicircle.life

bryve.shop

tempotrekstore.com

casinoslotsjoint.com

xiaoshuoxyz.com

art-birdsflyinghigh.com

odvip438.com

verlatservicios.com

bilocoin.world

lamaisonfacile.com

guojiang-v37.xyz

shsredgpoufnds.net

thequorumcompany.com

qf4h1tcpmgxor7b.skin

daisyjoanniezu.cyou
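The hashes and decoy domains above are raw indicators. The following Python is an added example, not part of the sandbox report, showing how a practitioner would operationalise them: a hash comparison against a file's bytes and a DNS-log sweep that matches the listed domains including subdomains and trailing-dot FQDNs. The log line format and the sample log lines are constructed for this example. One caveat worth keeping in mind: FormBook embeds a long list of decoy domains and contacts them alongside its real C2, so a hit on one of these names identifies a likely infected host, not necessarily an attacker-controlled domain.

```python
"""IOC matching for the FormBook sample in this report (added example)."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Hashes of the analysed sample, copied from the report above.
SAMPLE_HASHES = {
    "md5": "7c3ad5ed102c12c0f50c15f9d91f65bb",
    "sha1": "ab2485229421aea50edf7fbb75396000ec3867aa",
    "sha256": "86104345f9894e11d5eff087eb4d18c29a4cbe90aa5d8f2d9462983010c5050a",
    "sha512": "9128d056a8dc38b4b405cddcabd8fca35901a4f1ea6869857b067c0e721d3cba"
              "db6113c93e189a63d59d2a4a0a8ac06876b2e4ea1da3f29bc35ee7d210ec2fd5",
}

# Decoy/C2 domains extracted from the sample's configuration (campaign cn26).
DECOY_DOMAINS = frozenset({
    "ajtsistemas.com", "kolotylo.info", "mraofficial.store", "shopcupsareus.com",
    "odishastatenews.in", "yipicircle.life", "bryve.shop", "tempotrekstore.com",
    "casinoslotsjoint.com", "xiaoshuoxyz.com", "art-birdsflyinghigh.com",
    "odvip438.com", "verlatservicios.com", "bilocoin.world", "lamaisonfacile.com",
    "guojiang-v37.xyz", "shsredgpoufnds.net", "thequorumcompany.com",
    "qf4h1tcpmgxor7b.skin", "daisyjoanniezu.cyou",
})


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Compare every report hash against the given file contents."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def domain_in_iocs(host: str) -> bool:
    """True if host equals, or is a subdomain of, a listed decoy domain."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the full name up to the registrable suffix: a.b.c -> b.c -> c
    return any(".".join(labels[i:]) in DECOY_DOMAINS for i in range(len(labels)))


# Constructed log format for this example: "<date> <time> <client-ip> query <qname>"
DNS_LINE = re.compile(r"^(?P<ts>\S+ \S+) (?P<client>\S+) query (?P<qname>\S+)$")

# Constructed sample log lines (not from the sandbox run).
SAMPLE_DNS_LOG = [
    "2024-05-01 10:02:11 10.0.0.12 query www.ajtsistemas.com",
    "2024-05-01 10:02:12 10.0.0.12 query update.microsoft.com",
    "2024-05-01 10:02:13 10.0.0.12 query qf4h1tcpmgxor7b.skin.",
    "2024-05-01 10:02:14 10.0.0.40 query notkolotylo.info",
]


def flag_dns_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (client, normalised qname) pairs that resolved an IOC domain."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        qname = m["qname"].lower().rstrip(".")
        if domain_in_iocs(qname):
            hits.append((m["client"], qname))
    return hits


if __name__ == "__main__":
    for client, qname in flag_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} contacted FormBook decoy/C2 domain {qname}")
```

Note that "notkolotylo.info" does not match: the suffix walk compares whole labels, so a string that merely ends in an IOC domain is not a hit.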

Targets

    • Target

      86104345f9894e11d5eff087eb4d18c29a4cbe90aa5d8f2d9462983010c5050a.exe

    • Size

      621KB

    • MD5

      7c3ad5ed102c12c0f50c15f9d91f65bb

    • SHA1

      ab2485229421aea50edf7fbb75396000ec3867aa

    • SHA256

      86104345f9894e11d5eff087eb4d18c29a4cbe90aa5d8f2d9462983010c5050a

    • SHA512

      9128d056a8dc38b4b405cddcabd8fca35901a4f1ea6869857b067c0e721d3cbadb6113c93e189a63d59d2a4a0a8ac06876b2e4ea1da3f29bc35ee7d210ec2fd5

    • SSDEEP

      12288:TtueWFm+K+WmfYSXVcOqdoPhzKhim877a6UgEB+cDhbpwc4oFsj7odkR:gRFm+K+R2oPghi2GEImRpwDoWj7x

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes, captures screenshots, and can download and execute additional payloads on instruction from its C2.

    • Formbook payload

    • Suspicious use of SetThreadContext (consistent with process injection or hollowing, where the entry point of a thread in another process is redirected to attacker-controlled code)
