General

  • Target: 103efdb01e1889ae221d336ce2466a80_NEIKI
  • Size: 739KB
  • Sample: 240507-x8drpaee37
  • MD5: 103efdb01e1889ae221d336ce2466a80
  • SHA1: 535a484cc754a4227cba6791be4c4692e334b98e
  • SHA256: 78859999a84ee7e749de4ae398a73af634288c84225daaf740838ec821f7f12f
  • SHA512: b68fc6348a36a6e85575917f528819e1105ba364f48f2f848817633ff9f274d0ae0aeeb19ba378d5fe34de0ac6f8c92506e4494bef5004ad58df374db231ca3d
  • SSDEEP: 12288:LxN50quGgIVlMtlbbYIyc1iB5uXjXOGaOEFeZ1TUDI3CfCku96GGemz5tlPDK4:LxN5juYDMtlbEIn1iBMTOGV4O1TV3Cqf

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: he2a
  • Decoy domains:


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
