General

  • Target

    9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96.exe

  • Size

    1.1MB

  • Sample

    240504-bysl7shg8z

  • MD5

    7ad4c6133f4f75ae91bf07f65dc5f21a

  • SHA1

    abab0fed5f43a2ee988fb45b8880d50292dc9d5f

  • SHA256

    9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96

  • SHA512

    c84ce782a3d8c637f68811365a5f1c6df008ff3996fc81b75b14a582dc8cbf636d3aa5db330763cd6ad1ca5cbeca8eb7c5035ba027dcc7329b643d89b423264a

  • SSDEEP

    24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aLJI1r+vgWrKA:XTvC/MTQYxsWR7aLJIl+VrK

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba94

Decoy

dxtra.shop

upfromhere-eventsdecor.com

blacksevenkoeln.shop

pcboards2024.xyz

posteo.lol

naservus.com

pivotance.com

90ans.com

ebenezer-remodeling.com

reddragondao.com

gspotshop.com

thesiamesebetta.biz

rrdhq.com

greenislandservices.info

prismotrov.com

elaqbh.shop

sosenfantscovidlong.com

elmsolarsavings.com

sol-casino-2023.club

sharecroipper.top
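The hashes in the General section and the decoy domain list above are the indicators a responder would actually consume. The following is an added example (not part of the sandbox report) that turns them into a checkable IOC set: it recomputes the four digests the report lists for a file's bytes, and it matches DNS queries against the extracted domains by exact name or subdomain rather than by substring, because a substring test would flag unrelated names such as mail.posteo.de (a legitimate provider, not posteo.lol) or notrrdhq.com. The DNS log lines and the file bytes are constructed here; the hashes and domains are copied from the report. One caveat to keep in mind: Formbook hides its real C2 among decoy domains in its configuration, and some decoys are ordinary live sites, so hits on this list are hunting leads to triage, not a blocklist to apply blindly.

```python
"""Check files and DNS logs against the Formbook indicators extracted above.

Added example, not part of the sandbox report. SAMPLE_HASHES and DECOY_DOMAINS
are copied from the report; the DNS log lines and file bytes are constructed.
"""
import hashlib
import re

# Digests copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "7ad4c6133f4f75ae91bf07f65dc5f21a",
    "sha1": "abab0fed5f43a2ee988fb45b8880d50292dc9d5f",
    "sha256": "9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96",
    "sha512": "c84ce782a3d8c637f68811365a5f1c6df008ff3996fc81b75b14a582dc8cbf636d3aa5db330763cd6ad1ca5cbeca8eb7c5035ba027dcc7329b643d89b423264a",
}

# Decoy domains copied from the report's Malware Config section.
DECOY_DOMAINS = frozenset({
    "dxtra.shop", "upfromhere-eventsdecor.com", "blacksevenkoeln.shop",
    "pcboards2024.xyz", "posteo.lol", "naservus.com", "pivotance.com",
    "90ans.com", "ebenezer-remodeling.com", "reddragondao.com",
    "gspotshop.com", "thesiamesebetta.biz", "rrdhq.com",
    "greenislandservices.info", "prismotrov.com", "elaqbh.shop",
    "sosenfantscovidlong.com", "elmsolarsavings.com", "sol-casino-2023.club",
    "sharecroipper.top",
})


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's digest for that algorithm."""
    digests = hash_bytes(data)
    return any(digests[alg] == value for alg, value in SAMPLE_HASHES.items())


def normalize_name(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def matching_indicator(qname: str, indicators=DECOY_DOMAINS):
    """Return the indicator that `qname` equals or is a subdomain of, else None.

    Exact-label matching avoids false hits on names that merely contain an
    indicator as a substring (e.g. notrrdhq.com vs rrdhq.com).
    """
    name = normalize_name(qname)
    for domain in indicators:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


# Field layout assumed for the constructed log lines below.
QUERY_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<qname>\S+)")


def find_dns_hits(log_lines):
    """Scan DNS log lines; return (client, queried name, matched indicator) tuples."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        hit = matching_indicator(m.group("qname"))
        if hit:
            hits.append((m.group("client"), normalize_name(m.group("qname")), hit))
    return hits


# Constructed DNS log lines (not from the report).
SAMPLE_DNS_LOG = [
    "2024-05-04T10:02:11Z client=10.0.0.23 query=www.dxtra.shop type=A",
    "2024-05-04T10:02:12Z client=10.0.0.23 query=mail.posteo.de type=A",        # legitimate, not posteo.lol
    "2024-05-04T10:02:13Z client=10.0.0.41 query=SOL-CASINO-2023.CLUB. type=A",  # case + trailing dot
    "2024-05-04T10:02:14Z client=10.0.0.41 query=notrrdhq.com type=A",          # substring of an indicator, not a hit
    "2024-05-04T10:02:15Z client=10.0.0.57 query=pcboards2024.xyz type=A",
]

if __name__ == "__main__":
    for client, qname, indicator in find_dns_hits(SAMPLE_DNS_LOG):
        print(f"DNS hit: {client} queried {qname} (indicator {indicator})")
    print("empty file matches sample:", is_known_sample(b""))
```

Feed `find_dns_hits` the lines of a real resolver log (adjusting `QUERY_RE` to its field names) and hash suspect files with `hash_bytes(open(path, "rb").read())`; the SHA256 is the value to pivot on in other reports, since MD5 and SHA1 collisions are cheap to produce.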

Targets

    • Target

      9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96.exe

    • Size

      1.1MB

    • MD5

      7ad4c6133f4f75ae91bf07f65dc5f21a

    • SHA1

      abab0fed5f43a2ee988fb45b8880d50292dc9d5f

    • SHA256

      9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96

    • SHA512

      c84ce782a3d8c637f68811365a5f1c6df008ff3996fc81b75b14a582dc8cbf636d3aa5db330763cd6ad1ca5cbeca8eb7c5035ba027dcc7329b643d89b423264a

    • SSDEEP

      24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aLJI1r+vgWrKA:XTvC/MTQYxsWR7aLJIl+VrK

    • Formbook

      Formbook is a commodity information stealer sold as malware-as-a-service: it logs keystrokes, grabs web form submissions and clipboard contents, harvests stored credentials from browsers and mail clients, and can download and run additional payloads on the operator's command.

    • Formbook payload

    • Suspicious use of SetThreadContext (the API used to redirect a suspended thread into injected code, as in process hollowing; consistent with Formbook injecting itself into another process)
