General

  • Target

    1baa49adfc29b9c617faf3d22a5f96cdd09f5e4f40ff311e310eebbba0b5b632.exe

  • Size

    607KB

  • Sample

    240501-bffjxsca8w

  • MD5

    996d7250076cce98279078a09d5c7f2c

  • SHA1

    b4c3d10006e540d5e96092d00a4575bc6bb66c27

  • SHA256

    1baa49adfc29b9c617faf3d22a5f96cdd09f5e4f40ff311e310eebbba0b5b632

  • SHA512

    489745a8a41cede8da9b79f4e6c331dd38f913b3564d5348a2e235d71a9afd1c6c9a278b10bf860de4b8bce6ca0ddc61f4aa86b905b9fd93b3d70f3ddb9a2506

  • SSDEEP

    12288:QXueWFm+fEN/R9USeCXT85sL1jhVmXOuZM6WG9OMu5LLVl8I1+Fr/b:ZRFm+fqzFTN19kWG9xu5LLb8I1+Z/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba94

Decoy

dxtra.shop

upfromhere-eventsdecor.com

blacksevenkoeln.shop

pcboards2024.xyz

posteo.lol

naservus.com

pivotance.com

90ans.com

ebenezer-remodeling.com

reddragondao.com

gspotshop.com

thesiamesebetta.biz

rrdhq.com

greenislandservices.info

prismotrov.com

elaqbh.shop

sosenfantscovidlong.com

elmsolarsavings.com

sol-casino-2023.club

sharecroipper.top
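The decoy list above is the most directly actionable part of the extracted config: Formbook configs bundle many decoy domains with the live C2, and an infected host cycles through entries from the list, so a client resolving any of them is worth triaging. The following hunting helper is an added example and not part of the sandbox report; it copies the campaign ba94 domains into a set and matches DNS-log lines against them on label boundaries, so that names like notprismotrov.com or posteo.de do not produce false positives. The log lines and the "timestamp client query type name" log shape are constructed for illustration.

```python
"""Flag hosts that resolved any domain from the extracted Formbook (ba94) config.

Added example, not the sandbox's own tooling. The log lines below are
constructed, and the log format is an assumption; adapt LOG_RE to your resolver.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Domains copied from the "Decoy" list of the extracted config (campaign ba94).
FORMBOOK_BA94_DOMAINS = {
    "dxtra.shop", "upfromhere-eventsdecor.com", "blacksevenkoeln.shop",
    "pcboards2024.xyz", "posteo.lol", "naservus.com", "pivotance.com",
    "90ans.com", "ebenezer-remodeling.com", "reddragondao.com",
    "gspotshop.com", "thesiamesebetta.biz", "rrdhq.com",
    "greenislandservices.info", "prismotrov.com", "elaqbh.shop",
    "sosenfantscovidlong.com", "elmsolarsavings.com",
    "sol-casino-2023.club", "sharecroipper.top",
}

# Constructed sample lines: "<timestamp> <client-ip> query <type> <name>".
SAMPLE_DNS_LOG = """\
2024-05-01T09:12:01Z 10.0.0.15 query A www.dxtra.shop
2024-05-01T09:12:02Z 10.0.0.15 query A posteo.de
2024-05-01T09:12:05Z 10.0.0.22 query A update.microsoft.com
2024-05-01T09:12:09Z 10.0.0.15 query A www.elaqbh.shop
2024-05-01T09:13:40Z 10.0.0.31 query A prismotrov.com
2024-05-01T09:13:41Z 10.0.0.31 query A notprismotrov.com
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+\S+\s+(\S+)$")


def normalize(domain: str) -> str:
    """Lower-case and strip the trailing dot that some resolvers log."""
    return domain.rstrip(".").lower()


def matches_config(domain: str, config_domains=FORMBOOK_BA94_DOMAINS) -> Optional[str]:
    """Return the config domain that `domain` equals or is a subdomain of, else None.

    Matching on whole labels (split on '.') is what keeps 'notprismotrov.com'
    from matching 'prismotrov.com' and 'posteo.de' from matching 'posteo.lol'.
    """
    labels = normalize(domain).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in config_domains:
            return candidate
    return None


def scan_dns_log(text: str, config_domains=FORMBOOK_BA94_DOMAINS) -> Dict[str, List[Tuple[str, str, str]]]:
    """Map client IP -> list of (timestamp, queried name, matched config domain)."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # line is not in the expected shape; skip rather than guess
        ts, client, qname = m.groups()
        matched = matches_config(qname, config_domains)
        if matched:
            hits[client].append((ts, normalize(qname), matched))
    return dict(hits)


if __name__ == "__main__":
    for client, events in scan_dns_log(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(events)} lookup(s) of Formbook ba94 config domains")
        for ts, qname, matched in events:
            print(f"  {ts}  {qname}  (config entry: {matched})")
```

Run it over a real resolver export by replacing SAMPLE_DNS_LOG with the file contents; a host with more than one hit across different entries is a stronger signal than a single lookup, since the malware walks the list rather than contacting one domain.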

Targets

    • Target

      1baa49adfc29b9c617faf3d22a5f96cdd09f5e4f40ff311e310eebbba0b5b632.exe

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, can take screenshots, and injects into legitimate Windows processes to run. The sandbox matched this sample to the Formbook signature and extracted its configuration (version 4.1, campaign ba94) above.

    • Formbook payload

    • Suspicious use of SetThreadContext (typical of process hollowing and similar injection: a thread in another process has its context rewritten so execution lands in the injected payload)
