General

  • Target

    59fe7f5e271c05fc8db382a3cbd11834eaf4ddcdf9c16349f18db11df84d59d5.exe

  • Size

    650KB

  • Sample

    240514-r25zpsbc6w

  • MD5

    caf4420a85ac94a5e849b729c8cabbe8

  • SHA1

    15514e5750a0e2b303c8319da6c95d43c2973097

  • SHA256

    59fe7f5e271c05fc8db382a3cbd11834eaf4ddcdf9c16349f18db11df84d59d5

  • SHA512

    bd9947d207de106dd644f1138ddd66f7a303808a1d4e80298da5bbf0021ff93f64b4d13cecbaed02019b945b7edc4cafddeb2d6dba9feba9da77de55a03dc4ed

  • SSDEEP

    12288:++7TeH81jJUVzVDbEGDvJsmBOl/35XVg63d7pi/Pq3dag8JyGHwfjIyLxT+kR:Ba8MVBUGTJsBlvPgx/2yJrHjyLxTl

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cn26

  • Decoy

    ajtsistemas.com
    kolotylo.info
    mraofficial.store
    shopcupsareus.com
    odishastatenews.in
    yipicircle.life
    bryve.shop
    tempotrekstore.com
    casinoslotsjoint.com
    xiaoshuoxyz.com
    art-birdsflyinghigh.com
    odvip438.com
    verlatservicios.com
    bilocoin.world
    lamaisonfacile.com
    guojiang-v37.xyz
    shsredgpoufnds.net
    thequorumcompany.com
    qf4h1tcpmgxor7b.skin
    daisyjoanniezu.cyou

Targets

    • Target

      59fe7f5e271c05fc8db382a3cbd11834eaf4ddcdf9c16349f18db11df84d59d5.exe

    • Size

      650KB

    • MD5

      caf4420a85ac94a5e849b729c8cabbe8

    • SHA1

      15514e5750a0e2b303c8319da6c95d43c2973097

    • SHA256

      59fe7f5e271c05fc8db382a3cbd11834eaf4ddcdf9c16349f18db11df84d59d5

    • SHA512

      bd9947d207de106dd644f1138ddd66f7a303808a1d4e80298da5bbf0021ff93f64b4d13cecbaed02019b945b7edc4cafddeb2d6dba9feba9da77de55a03dc4ed

    • SSDEEP

      12288:++7TeH81jJUVzVDbEGDvJsmBOl/35XVg63d7pi/Pq3dag8JyGHwfjIyLxT+kR:Ba8MVBUGTJsBlvPgx/2yJrHjyLxTl

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks