General

  • Target

    Purchase Order For Consumables Eltra 008363725_9645364782_1197653623_836652746_22994644.exe

  • Size

    1.1MB

  • Sample

    240503-h13nhshf9s

  • MD5

    943efcacb9b6e31fd1fb06603641f259

  • SHA1

    0556c77bab07dd97230df5ebff60b38298e79f25

  • SHA256

    99ad43415d3fce1de4b15b26893f60e126645f028602a7a0fff9432b99403433

  • SHA512

    70760f8bb6076ac3d338ee5c786600f0b55fb7300c3ba8ee7496ad669046507a67afb97f76c1a1a6ef529dcf8346a8690c822d5d0f54de59f57b75076b155620

  • SSDEEP

    24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8arAcTMFku9In:DTvC/MTQYxsWR7arA2M+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se63

Decoy


Targets

    • Target

      Purchase Order For Consumables Eltra 008363725_9645364782_1197653623_836652746_22994644.exe

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks