General

  • Target

    c4b6e4bd4131eaa2fba28259570135346ea35a90bf271bab1560f019550698fd.exe

  • Size

    612KB

  • Sample

    240501-cc4ysafd73

  • MD5

    32c8968f0c4a7729f9d77e64754a1adc

  • SHA1

    bff983416a08dfaa03e06899f1f38f0fb81a6549

  • SHA256

    c4b6e4bd4131eaa2fba28259570135346ea35a90bf271bab1560f019550698fd

  • SHA512

    14401c5af5700f7b2188f7465e7d3bdd012bf7c7c932c54306a4a2933fb9b8d6fa062f5ebe118c0e5642e55ec3c6f0057db6d19baa716c8bde3c6f3948078c88

  • SSDEEP

    12288:qeaB778QPGBU9HFbUqymu2OtCoAwLDVn83rwVQbkR:PaBlmAFAqvubsHuDWUV/

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    be03

  • Decoy


Targets

    • Target

      c4b6e4bd4131eaa2fba28259570135346ea35a90bf271bab1560f019550698fd.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
