General

  • Target

    eec2040b640e5b1806119e1a428d54c4dab8fe87e2afe89570d158968122e4bb.exe

  • Size

    573KB

  • Sample

    240509-l8vjnacd91

  • MD5

    90d93d073d92e1cd47f4d792f430bbbc

  • SHA1

    3e4fe2f29722803551c31fe38aa04d97ec9150e7

  • SHA256

    eec2040b640e5b1806119e1a428d54c4dab8fe87e2afe89570d158968122e4bb

  • SHA512

    bd1daa7f963319f40e59c27870737f43e61e087c20cc0c3605a23910eb3a3a1aa27384f2c041d2a12bb1aed35adaabad6f7b797fbdd61acd5dde181046441481

  • SSDEEP

    12288:rccadOGEW1ivxTRRSXyXQjDYq7C+5bLTTrBGZKGYC1DrJh6xjfHBB778Q6:IWGEW16TRRSKcAGbzrB4SC1DrJ0ZJB

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs83

Decoy

blastol.space

tomwalkerisfalco.com

us-sumatrraslimbellytonic.com

drywallandpaintingservice.com

vntapp.net

passportpages.site

at-mim.com

yeondagoods.com

teomanyildirim.com

paygame.site

senze.art

alhandco.com

9831bsej.xyz

traumatic.xyz

sos-soutien.com

thetechnolgy.live

washing-machine-46612.bond

marvsneakers.com

shequbaike.net

xc4f35fg4h35fg4h53.top

Targets

    • Formbook

      Formbook is an information-stealing malware family: it grabs web-form submissions and keystrokes, captures clipboard contents and screenshots, harvests stored credentials from browsers and mail clients, and can download and execute additional payloads on the infected host.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the payload is no longer scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check that suppresses execution in certain regions.

    • Suspicious use of SetThreadContext

      Rewrites the execution context of a thread in another process, a step commonly seen in process hollowing and similar code-injection techniques.
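
The Defender-exclusion behaviour flagged above (Add-MpPreference or Set-MpPreference run through PowerShell; ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools, delivered via T1059.001) is straightforward to hunt for in process-creation or script-block logs. The Python script below is an added example for this report, not code from the sample, the sandbox, or the Formbook authors: it scans constructed Sysmon-style command lines, decodes -EncodedCommand payloads (base64 of UTF-16LE text), and flags calls that add exclusion paths, extensions or processes, resolving the abbreviated parameter names PowerShell binds (for example -ExclusionE for -ExclusionExtension). The event records, field names and severity labels are assumptions made for illustration.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example for this report, not code from the sample or the sandbox.
Input: Sysmon-style process-creation records (constructed below).
ATT&CK: T1562.001 (Impair Defenses: Disable or Modify Tools) delivered via
T1059.001 (Command and Scripting Interpreter: PowerShell).
"""
import base64
import re

# Cmdlets that change Defender preferences; Get-MpPreference is read-only.
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# Any token that looks like an -Exclusion* parameter, full or abbreviated.
PARAM_RE = re.compile(r"-(Exclusion[A-Za-z]*)", re.IGNORECASE)
# "-<flag> <base64>" pairs; the flag is checked against EncodedCommand below.
ENC_RE = re.compile(r"[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{8,})")

EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")


def decode_encoded_commands(cmdline):
    """Return decoded -EncodedCommand payloads (base64 of UTF-16LE text).

    powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -en,
    -enc, ...) plus the alias -ec, so the flag is matched by prefix.
    """
    decoded = []
    for flag, blob in ENC_RE.findall(cmdline):
        f = flag.lower()
        if not (f == "ec" or "encodedcommand".startswith(f)):
            continue
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a real encoded command (e.g. "-e" followed by a path)
    return decoded


def find_exclusion_params(script):
    """Map each -Exclusion* token to the full parameter names it can resolve to.

    PowerShell binds unambiguous parameter prefixes, so -ExclusionE means
    -ExclusionExtension; a bare -Exclusion would be ambiguous and is reported
    with all candidates.
    """
    found = {}
    for tok in PARAM_RE.findall(script):
        names = [p for p in EXCLUSION_PARAMS if p.lower().startswith(tok.lower())]
        if names:
            found[tok] = names
    return found


def analyze(event):
    """Classify one process-creation event.

    Severity "high": an exclusion was added; "medium": Defender preferences
    were changed without an exclusion parameter; "none": nothing relevant.
    """
    cmdline = event["CommandLine"]
    for script in [cmdline] + decode_encoded_commands(cmdline):
        m = CMDLET_RE.search(script)
        if not m:
            continue
        params = find_exclusion_params(script)
        return {
            "severity": "high" if params else "medium",
            "cmdlet": m.group(0),
            "params": params,
            "script": script,
            "decoded": script is not cmdline,
        }
    return {"severity": "none", "cmdlet": None, "params": {}, "script": cmdline, "decoded": False}


def sample_events():
    """Constructed Sysmon-style records for demonstration (not from the report)."""
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    hidden = 'Add-MpPreference -ExclusionExtension "exe" -ExclusionPath "C:\\Users\\Public"'
    enc = base64.b64encode(hidden.encode("utf-16-le")).decode("ascii")
    cmds = [
        'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionProcess explorer.exe"',
        f"powershell.exe -w hidden -enc {enc}",
        'powershell.exe -Command "Set-MpPreference -ExclusionE dll"',
        'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"',
        'powershell.exe -Command "Get-MpPreference"',
    ]
    return [{"Image": ps, "CommandLine": c} for c in cmds]


def triage(events):
    """Return (severity, cmdlet, params) for every event that touched Defender."""
    hits = []
    for ev in events:
        r = analyze(ev)
        if r["severity"] != "none":
            hits.append((r["severity"], r["cmdlet"], r["params"]))
    return hits


if __name__ == "__main__":
    for ev in sample_events():
        r = analyze(ev)
        print(f'{r["severity"]:6} decoded={str(r["decoded"]):5} {r["cmdlet"]} {r["params"]}')
```

Feed it the CommandLine field of Sysmon Event ID 1 or the ScriptBlockText of PowerShell Event ID 4104; the encoded-command handling matters because droppers that follow this pattern rarely leave the cmdlet in plain text on the command line.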

MITRE ATT&CK Enterprise v15

Tasks