General

  • Target: P240842_P240843.exe
  • Size: 678KB
  • Sample: 240514-jd4gzafc6s
  • MD5: a9d3bb0da3b9e0e7e58d67bd854600e1
  • SHA1: 509fa3635de1de3d6ed22535f79532e85e5fb625
  • SHA256: b878010c65295ac447edb5249825bc8ef4ba872b9a584b3dfbe4ad8f25634bfb
  • SHA512: 5541c8dcfb35f567fdf929733cbb5879654c9fc401c1618abd3759eaac4851cfb98b0ee9dc3549d04aa4344801e1b107cc2f8114c8123436c8635921dc1b427d
  • SSDEEP: 12288:8dYMjhvPie/rByY77777777777770k1XD6iOyoFBeqhHkiQ9KnefFbVETaGo24cT:8dYMFniyy01X+leDKnefFbVETaGo21z/

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: ht3d
  • Decoy domains:
      derlon.net
      46gem.vip
      bridal-heart-boutique.com
      porarquitectura.com
      durkal.online
      9916k.vip
      nativegarden.net
      hoodjac.com
      coachwunder.com
      jutuowangluo.com
      frankmontagna.com
      jalenx.com
      yhxg.net
      brasserie-bro.com
      whitecoatprivilege.com
      sigmadriving.com
      inhkipcmacau.com
      freediveexperience.com
      52iwin.com
      aaditt.com

Targets

    • Target: P240842_P240843.exe
    • Size: 678KB
    • MD5: a9d3bb0da3b9e0e7e58d67bd854600e1
    • SHA1: 509fa3635de1de3d6ed22535f79532e85e5fb625
    • SHA256: b878010c65295ac447edb5249825bc8ef4ba872b9a584b3dfbe4ad8f25634bfb
    • SHA512: 5541c8dcfb35f567fdf929733cbb5879654c9fc401c1618abd3759eaac4851cfb98b0ee9dc3549d04aa4344801e1b107cc2f8114c8123436c8635921dc1b427d
    • SSDEEP: 12288:8dYMjhvPie/rByY77777777777770k1XD6iOyoFBeqhHkiQ9KnefFbVETaGo24cT:8dYMFniyy01X+leDKnefFbVETaGo21z/

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks