General

  • Target

    7ad4c6133f4f75ae91bf07f65dc5f21a.bin

  • Size

    672KB

  • Sample

    240505-bt6chade44

  • MD5

    b310359263f0e089264059f5a25bc527

  • SHA1

    bd91af28e03dc5e107f3a7707ae91bfe69539ac7

  • SHA256

    b2879ec4327e74f9e63ad47c271d286ba64ce1fff71e52c123881f4db55a60e9

  • SHA512

    2038d09041cfa20506d593d991482188ee728cd018943efc990d670900ccc80f23b0777fc54efcc6326a7de6c99a22d819cef644a17c349ace0854df4aa8f9da

  • SSDEEP

    12288:nP4OBFnOAw7u09WoAohGjbrw6Kzsfd11hp4yht2yIi0xcsPKBk+92uT/CNCXuX/9:nRBGu091AoGbrcoiyhEJixsF+BCAO/9

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ba94

  • Decoy


Targets

    • Target

      9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96.exe

    • Size

      1.1MB

    • MD5

      7ad4c6133f4f75ae91bf07f65dc5f21a

    • SHA1

      abab0fed5f43a2ee988fb45b8880d50292dc9d5f

    • SHA256

      9aeee1a70ae929e15e376532efa734d1a7dd5c0b0c814c3e620dcfe68e7baa96

    • SHA512

      c84ce782a3d8c637f68811365a5f1c6df008ff3996fc81b75b14a582dc8cbf636d3aa5db330763cd6ad1ca5cbeca8eb7c5035ba027dcc7329b643d89b423264a

    • SSDEEP

      24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aLJI1r+vgWrKA:XTvC/MTQYxsWR7aLJIl+VrK

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
