General

  • Target: Video compilation of Previously Executed Projects.exe
  • Size: 1.0MB
  • Sample: 240514-mq61eacf94
  • MD5: 4bf8cec7b9259caf98331b42736b7fd9
  • SHA1: beb1a54bf4c5a3548203899a75c2567db2516d58
  • SHA256: 8650787630e554e6390a6d98c7b556f36af59ce72998c4660cbec74091cb2b09
  • SHA512: c9a4c788b4db2a2e98470d880bb66cd5a02950f10dd8c5034eb2bd46ef325bac565e1140a92fba32d5d2b2765277dfd9c63ec0f7639d84792049bc8b1947daf4
  • SSDEEP: 24576:4AHnh+eWsN3skA4RV1Hom2KXMmHa8Y5qGHLnPRMpqiA5:/h+ZkldoPK8Ya8YQmnPR2G

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: se63
  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks