General

  • Target

    c8db69eec2367286f0043128bd23258f00ded1f0952585c801a5418c6598fe36.rar

  • Size

    596KB

  • Sample

    240504-b5xjqsdb33

  • MD5

    8a520f060f2b968b9bd955defd74aa43

  • SHA1

    cfcff96c1184d17fd35b239177f5f438d48a8f66

  • SHA256

    c8db69eec2367286f0043128bd23258f00ded1f0952585c801a5418c6598fe36

  • SHA512

    2bcaf8df9edcd198bd7540cd388461cadcdb3d7533f723fa4c7827b68475d0bdf428571c5bcadde69f70e65dcb6abfb635212cc56d70153b9cdf1bec877a48b3

  • SSDEEP

    12288:SWqYYmnqiE6hU3AjdgJ+p2eT/YyGOB7NUCNbqxQCgo1P98bPd9r:oYUgvgqlTfJbCPur

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ba94

  • Decoy


Targets

    • Target

      shipping doc

    • Size

      1.1MB

    • MD5

      7ad4c6133f4f75ae91bf07f65dc5f21a

    • SHA1

      abab0fed5f43a2ee988fb45b8880d50292dc9d5f

    • SHA256

      9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96

    • SHA512

      c84ce782a3d8c637f68811365a5f1c6df008ff3996fc81b75b14a582dc8cbf636d3aa5db330763cd6ad1ca5cbeca8eb7c5035ba027dcc7329b643d89b423264a

    • SSDEEP

      24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aLJI1r+vgWrKA:XTvC/MTQYxsWR7aLJIl+VrK

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks