General

  • Target

    e5435dd5c1dab1fd1a738ddf914ea9af64e89daa4b141b3075f53f0960805dbe.exe

  • Size

    651KB

  • Sample

    240504-b7w1zsab8s

  • MD5

    1440eafa4e1f01b0693b61654fc7b90e

  • SHA1

    db2aa3fa0244b3cf7b8188bedf9d4845570af1f3

  • SHA256

    e5435dd5c1dab1fd1a738ddf914ea9af64e89daa4b141b3075f53f0960805dbe

  • SHA512

    a6be003c108823581d2c4effe75d4b9ed479fdd6be2a5f6568b4872f66e6e4192469e68f7ee08b53688d78d66ad34573380f77ea6a171f63b8035b925ef2fe1d

  • SSDEEP

    12288:VUeoUNewB3lO3Y4efpbQXf1PmxC3B88JJnz1ipMzYDHh2lp/yyJG/9hZadInkIkR:P1dYrIbQkxC3TB1i+MDB2lp/y4kkf

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be03

Decoy

458q14v4ams2.com

priceoctopus.com

betinplay.xyz

bcnd.xyz

1510soliveavenue.com

mcdpropertypros.com

reddcrownexpress.com

rewardlabs.shop

burenbrand.com

revand.io

tractionendurancecoaching.com

jotaerreshopp.com

shopboyg.com

dakor.shop

groundswellmag.life

nehagadodia.com

dancarellibizbroker.com

meconline.co

ttmq.cc

thegoldenyouph.com
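The config above is directly usable for hunting: the hashes identify the dropped file, and the "Decoy" list is the domain set the sample cycles through. Two caveats a practitioner needs: the real C2 sits among these domains and the rest are decoys that may be perfectly legitimate sites, so block-listing the whole list blindly is risky, and a single resolution of one listed domain is weak evidence. A host that resolves several of them in a short window is a much stronger signal, because Formbook contacts its decoys as well as its C2. The script below is an added example (not part of the report or of the sandbox's own tooling); the DNS log format "<timestamp> <client> <qname>", the sample log lines and the min_distinct threshold are assumptions made for the example.

```python
"""Hunt for this sample with the report's indicators: verify a file against
the published hashes and flag hosts that resolve several of the configured
decoy domains. Added example, not part of the original report."""
import hashlib
import re
from collections import defaultdict

# Copied from the "General" section of the report above.
REPORT_HASHES = {
    "md5": "1440eafa4e1f01b0693b61654fc7b90e",
    "sha1": "db2aa3fa0244b3cf7b8188bedf9d4845570af1f3",
    "sha256": "e5435dd5c1dab1fd1a738ddf914ea9af64e89daa4b141b3075f53f0960805dbe",
}

# The "Decoy" list from the extracted Formbook config, as printed on the page.
DECOYS = (
    "458q14v4ams2.com", "priceoctopus.com", "betinplay.xyz", "bcnd.xyz",
    "1510soliveavenue.com", "mcdpropertypros.com", "reddcrownexpress.com",
    "rewardlabs.shop", "burenbrand.com", "revand.io",
    "tractionendurancecoaching.com", "jotaerreshopp.com", "shopboyg.com",
    "dakor.shop", "groundswellmag.life", "nehagadodia.com",
    "dancarellibizbroker.com", "meconline.co", "ttmq.cc", "thegoldenyouph.com",
)


def file_hashes(data):
    """MD5, SHA1 and SHA256 of an in-memory file, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True if every published hash matches. SHA256 alone is sufficient to
    identify the file; comparing all three also catches a mistyped indicator."""
    return file_hashes(data) == REPORT_HASHES


# Assumed DNS log format for this example: "<timestamp> <client> <qname>".
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def hunt_dns(log_lines, decoys=DECOYS, min_distinct=3):
    """Return {client: sorted matched domains} for clients that resolved at
    least min_distinct different domains from the config.

    Formbook contacts its decoy domains as well as the real C2, so an infected
    host touches many entries of the list in a short time. A single hit may be
    a legitimate visit to one of these sites and is not alert-worthy alone."""
    wanted = {d.lower().rstrip(".") for d in decoys}
    seen = defaultdict(set)
    for line in log_lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        qname = m.group("qname").lower().rstrip(".")
        if qname in wanted:
            seen[m.group("client")].add(qname)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= min_distinct}


# Constructed log lines (not from the report). 10.0.0.7 walks the list the
# way the malware does; 10.0.0.9 resolved a single listed domain once.
SAMPLE_DNS = [
    "2024-05-04T02:10:01Z 10.0.0.7 priceoctopus.com",
    "2024-05-04T02:10:03Z 10.0.0.7 betinplay.xyz",
    "2024-05-04T02:10:05Z 10.0.0.7 BCND.xyz.",
    "2024-05-04T02:10:09Z 10.0.0.9 priceoctopus.com",
    "2024-05-04T02:10:11Z 10.0.0.9 example.com",
    "malformed line",
]

if __name__ == "__main__":
    print("matches report:", matches_report(b"not the sample"))
    print("suspect hosts:", hunt_dns(SAMPLE_DNS))
```

Run against real resolver logs, feed the lines to hunt_dns and tune min_distinct to your environment; the threshold trades a missed infection that beaconed briefly against alerts on users who happen to browse one of the decoy sites. Resolution of a listed domain by a host that also matches the report's SHA256 on disk is the case to escalate first.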

Targets

    • Target

      e5435dd5c1dab1fd1a738ddf914ea9af64e89daa4b141b3075f53f0960805dbe.exe

    • Formbook

      Formbook is an information-stealing malware family sold as a service. It injects itself into a legitimate process, then logs keystrokes, grabs form submissions and clipboard contents from browsers and other applications, takes screenshots, and sends the data to its command-and-control server over HTTP, contacting the decoy domains in its config alongside the real C2.

    • Detects executables packed with SmartAssembly

    • Formbook payload

    • Suspicious use of SetThreadContext
