General

  • Target

    cda5e0d0d9a0ca874d36252cc4929cb0_NeikiAnalytics

  • Size

    1.0MB

  • Sample

    240514-t57c2seh93

  • MD5

    cda5e0d0d9a0ca874d36252cc4929cb0

  • SHA1

    84a27cab701ea27973ecc39622899fae9dcfdb9d

  • SHA256

    f3503a9ede890e8522fbcf41a0214569b76017e17005dce15e03404a645ba055

  • SHA512

    639875012fed67a8388cc57c1aee345f23a4fb7205d00112e280662891dc695d65bf455eb0c97a791b3ab1861b18288aec2db6580c26b782cdb461854ea5ea17

  • SSDEEP

    24576:94lavt0LkLL9IMixoEgea/F/tG4S37yFyBq9MmCS:Ukwkn9IMHea/5qyAaPCS

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se62

Decoy


Targets


    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks