General

  • Target

    7fed68ba146560f5393163d8398fe93f07073148efe4e8e41472efb9efe1b2e1

  • Size

    773KB

  • Sample

    240512-akazkaac68

  • MD5

    b095eb42a3655295d6a2930ebfe86027

  • SHA1

    59c8ee670f9aaa5de19e6295ab95081ef1d72bc7

  • SHA256

    7fed68ba146560f5393163d8398fe93f07073148efe4e8e41472efb9efe1b2e1

  • SHA512

    a6c106b8f9ae85014e50c404d1147d16db83038feea707b35b69680de1044db7bd55eddacf3cebce03f11dda3930858836511c8db198eadd6558bbb7209e5455

  • SSDEEP

    12288:JpIk2iNj/SHzOaUfklMTviYEdSGe/k81Mgmcanb3aalo9:n1cH5UslGvpEIr881Muaua

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ntpi

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Detects executables packed with SmartAssembly

    • Formbook payload

    • Suspicious use of SetThreadContext
