General

  • Target: 9df58df76c5826af2a9357287869e0f7.bin
  • Size: 591KB
  • Sample: 240516-dj7tpahe3z
  • MD5: 9b2305438c4e666ab49b17b4b5babf02
  • SHA1: 27a838819c2b767cec2a7469b729a58c857ae4df
  • SHA256: 7416647e8ad9b50cc3a8da41679abefc154798e0536587c9795bde7f9ea90591
  • SHA512: 4d7c225b19c660d5e2220acef721ea922763f9b2793373eba7f584245d8b5115a4039e93ecf1acf983b6a5a98bb03e0407a102d139289af6830312a6f7429636
  • SSDEEP: 12288:aMAJovD3qFoPn4sOqX/wEyuTeJ7VTveJSo9+fZoj8V5uv:aMBLaQdOayuTMcJSyWuv

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: ij84
Decoy domains:
    resetter.xyz
    simonbelanger.me
    kwip.xyz
    7dbb9.baby
    notion-everyday.com
    saftiwall.com
    pulse-gaming.com
    fafafa1.shop
    ihaveahole.com
    sxtzzj.com
    996688x.xyz
    komalili.monster
    haberdashere.store
    nurselifegng.com
    kidtryz.com
    ghvx.xyz
    1minvideopro.com
    hidef.group
    stylishbeststyler.space
    spx21.com

Targets

    • Target: 6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af.exe
    • Size: 763KB
    • MD5: 9df58df76c5826af2a9357287869e0f7
    • SHA1: c2d804fdeefc82563b51c04870b49cc998588712
    • SHA256: 6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af
    • SHA512: 2f0a90bdf8748d4c616b0568ddbb9043dedbb536a5902cec3e6693ed37ba94fb2aec42c514722f09589d27d5bdb1bbe3c3c4d3338386459348ad695465b9f494
    • SSDEEP: 12288:eQDFTPiULBMzvlKXj3Z+ka1XmrpVMSTUplRYgK+CVINEX9yKBg7vjG:HPh2NKXj8tVmpmGUpXYfia9yKe/

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks