General

  • Target

    tmptumvpf31

  • Size

    938KB

  • Sample

    240514-xnm5mabh62

  • MD5

    4867f3171e6b8d58533db4c4de30297f

  • SHA1

    c02f67dd7b0e656267c89037da94fe435e7ae0d6

  • SHA256

    c36692d2645490d8a046cfe62f302ab0959893f85d35a93a90f8dfa901dd236f

  • SHA512

    83da590154d53c6fa8c664af4323070f4e78569386f6dc2296543df531b0013e5605dc6f5de7bb3f8ab007a10acc13d726206a32320a8aa49548a8173b1877ba

  • SSDEEP

    12288:AM9wggCbvAaUFU28u/gz0R2Jpy0fTS7DXE4jmD/V8v5wK+CVINMX9yKBg7vj:AfIJYU2V/6pyCOD3jm4Piq9yKe/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ij84

Decoy

Targets

    • Target

      tmptumvpf31

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks