General

  • Target

    690955d5af76a8aaac2f4d703f182b0b2d42939d13dce8783313a232ed942719.exe

  • Size

    601KB

  • Sample

    240501-bzag1sch3w

  • MD5

    81e2def0b86117a5399a0b11bb4837dd

  • SHA1

    c9ee314a02e1d0b19171b7c5a10bf3afff67b35f

  • SHA256

    690955d5af76a8aaac2f4d703f182b0b2d42939d13dce8783313a232ed942719

  • SHA512

    1d2e3a87cea3b5421281ef5d9eed818da158c65827c28243cdb115d451cd48aa41a213dac4a51a52c05d0b1f2d5a4702e67366155376e5361e569ee53cc6ebad

  • SSDEEP

    12288:iiTB778QCQQ8O0FbtvspPnxn65aYeOUVNK9WDhOA9N54N02+4V29MjX:9B8QDzFIPnSlcK9WDhOMSabmj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mx21

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks