General

  • Target

    93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243

  • Size

    781KB

  • Sample

    240509-na5cbahb55

  • MD5

    8ab0cc5984b1d23278cf872476364418

  • SHA1

    c3df6bb8cc0c82b3a431a37fb51030ad94a41167

  • SHA256

    93ffb46ce3a6d27b2cb64dbda30d1594d39c305d665bdc6665516be2a280a243

  • SHA512

    19b4d48a6ba7166bf170f35526a7420a8d82778dd6685d962a3f181ff1e789174b5aa03a5744d3e07df22d4a05ce23ae8f802ba559c99b35abc548e5d205d8d0

  • SSDEEP

    12288:vhMtGXYHbraO6Hop6GDrB2tC4bsPdV630L9DH4Vel:siYqtG6yrBwC00DYgl

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jn17

Decoy

hynasty.com

africacementreview.com

5280micropantry.com

qcyu2.us

jl777-web.com

hcwsports.com

update-number-au.com

ymymvip.top

postds.buzz

dogwifnobrim.com

usapubpong.com

shopscoopido.com

medical-equipment.company

onyagu.com

tldrparent.com

jvpeople.com

seangalbraithphotography.com

ptt-gov.art

mutcosmeticsec.com

metameme.online

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks