General

  • Target

    55f9cc768d78fcb9cd15157720f4a060_NeikiAnalytics

  • Size

    1.1MB

  • Sample

    240512-za94caeh7y

  • MD5

    55f9cc768d78fcb9cd15157720f4a060

  • SHA1

    1b69833fba6610ea649a08894b418c50663df1ec

  • SHA256

    8a1b3f8696c61b5e839309a05eb20754b164f10714372524f8b469760cb743c5

  • SHA512

    8a7aa784a7b7a2e2e07b43105c37d29157fc8a37efd3e5bfb8051948c534bc1d37623226cc289355ce99ae15dbb3f8af0bc33630a3d0e702162c47c4b322d317

  • SSDEEP

    24576:lAHnh+eWsN3skA4RV1Hom2KXMmHasaHn5cTTz4Cr7sWMd5:Uh+ZkldoPK8YasaHSIbWK

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se62

Decoy

Targets

    • Target

      55f9cc768d78fcb9cd15157720f4a060_NeikiAnalytics

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks