General

  • Target

    mail.eml

  • Size

    877KB

  • Sample

    240502-gvqlbsah91

  • MD5

    a0ec1fae38648b4bea8060a9ca187018

  • SHA1

    0272fe9bbc49f8b369a418ee1a2cedf799ceade7

  • SHA256

    0ed1f530b680339424c7d1e8287a1ff382a0bf370230dd7099efed2faf39f1e3

  • SHA512

    e740181fd440f566dab0c991b30b7ac5ffdba475816b7d24c8ad661f6c4a89ecf26fb0fd2436b6c7ca3a6e0bee43c81e58301fcbcd51be1d6105e44abc9e64a4

  • SSDEEP

    24576:XYQfkRVf6x7wfWAGY3y7doKcWFRy2mI5w1R:XYWUWfxKR

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ba94

  • Decoy

    dxtra.shop
    upfromhere-eventsdecor.com
    blacksevenkoeln.shop
    pcboards2024.xyz
    posteo.lol
    naservus.com
    pivotance.com
    90ans.com
    ebenezer-remodeling.com
    reddragondao.com
    gspotshop.com
    thesiamesebetta.biz
    rrdhq.com
    greenislandservices.info
    prismotrov.com
    elaqbh.shop
    sosenfantscovidlong.com
    elmsolarsavings.com
    sol-casino-2023.club
    sharecroipper.top

Targets

    • Target

      shipping doc.exe

    • Size

      1.1MB

    • MD5

      47707710ceef8190cd4cd7e4fd28591b

    • SHA1

      a3e81115d9e6f3927de11aefe377fc5d1ee85854

    • SHA256

      8c41a444478b203f5df1d1f74609057c499e885fe6050a8bd1cf5f0743ab6cee

    • SHA512

      3b2a2a7401219a9fb817a41ee3077d6caa01a4d9de2cbb0af1cd49059d974c4a4f6f5c93f4142b1c035fc31eeb60f8470664679c5f66770d6a314315596e16c6

    • SSDEEP

      24576:7qDEvCTbMWu7rQYlBQcBiT6rprG8aHTZAwh3bYn:7TvC/MTQYxsWR7aHtAg

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
