General

  • Target

    3deae48efc470b46d9f670adf73aef681dc1f241d17d8c948b48167967b0e951

  • Size

    628KB

  • Sample

    240517-gn2p1sce2y

  • MD5

    fd5f3f4661230104b574b2f719b218eb

  • SHA1

    50f2453a4ad9c6cc74e9d493d1e187bc5197ea97

  • SHA256

    3deae48efc470b46d9f670adf73aef681dc1f241d17d8c948b48167967b0e951

  • SHA512

    8f2f63fdf71fb0cce21402d8c2c2fff2043f4c2cf40f77dadd41d40211956e56ce28edc449f6c1e482fb923d66c4c62cd796b3c8bb0f38ed51ea328d9680fd62

  • SSDEEP

    12288:kj/79XNutdy0jaK8J7HrF7lzNDfXaUXRDppEg6HElGoPN7XoCZXoGoHocrUcIDKx:kV9u60EJfRltXXSgeEHPNzXEIcrUcIDa

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    se63

  • Decoy


Targets

    • Target

      68773735efbd467e3286df5cbd2cc678926f0821ebbc9c2633b215b31d0b7d45.exe

    • Size

      1.0MB

    • MD5

      4bcaa831d3aed104046c10e47dc8850e

    • SHA1

      4f9e1249c407dbd9c0669f3158519eed96ae5980

    • SHA256

      68773735efbd467e3286df5cbd2cc678926f0821ebbc9c2633b215b31d0b7d45

    • SHA512

      332f8ac217cbcd1ddf94c0d782ac33eefb4578faedc99bcd88afbeac304b5efed16920c4e9403806f3214c16c1ccb05143279a204e846b1d6562206d7bdeae14

    • SSDEEP

      24576:0AHnh+eWsN3skA4RV1Hom2KXMmHa5ZchzV/S5:Dh+ZkldoPK8Ya5Zo5A

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks