General

  • Target

    acb58cf1f819372ca5f461636f47ef790ec5d2748a5eaa3676104e46cdca1b19

  • Size

    480KB

  • Sample

    240524-mgxqdadg43

  • MD5

    6d7ada8915023eb188f47444a77d169d

  • SHA1

    f87023a7c0de6b0ff4b0b2b799e58f41b938c332

  • SHA256

    acb58cf1f819372ca5f461636f47ef790ec5d2748a5eaa3676104e46cdca1b19

  • SHA512

    d37cf81df8f8dc64c5d5f0d68a2ad428b7d7d31658dd6980bc27db0d3dbc3ef44776012ea72feafc1c3348b0c9cd3599ce89168aa7edd992769dca26a98cc084

  • SSDEEP

    12288:TEqy7sSW7kNUhBiTL1wuG2YVkp455oaomdIbTbq:TE5wzAQUTO/2SkpWon

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ai

Decoy

theapschool.com

riseupfloridakeys.com

xn--mgbb2awa9dm20i.com

apnee-coach.com

christianmarketinggifts.com

eurothereum.biz

solutionfull.com

equifaxqsecurity2017.com

roboeye-tech.com

living-isar.immo

cable-online-zone.sale

parfumirza.com

civilizationsprice.com

zealasia.com

billet-bateau-tanger.com

andrewkurtsummers.net

darylandkaitlyn.com

ddaak.com

seattlepetadventures.com

iopuern.online

Targets

    • Target

      acb58cf1f819372ca5f461636f47ef790ec5d2748a5eaa3676104e46cdca1b19

    • Size

      480KB

    • MD5

      6d7ada8915023eb188f47444a77d169d

    • SHA1

      f87023a7c0de6b0ff4b0b2b799e58f41b938c332

    • SHA256

      acb58cf1f819372ca5f461636f47ef790ec5d2748a5eaa3676104e46cdca1b19

    • SHA512

      d37cf81df8f8dc64c5d5f0d68a2ad428b7d7d31658dd6980bc27db0d3dbc3ef44776012ea72feafc1c3348b0c9cd3599ce89168aa7edd992769dca26a98cc084

    • SSDEEP

      12288:TEqy7sSW7kNUhBiTL1wuG2YVkp455oaomdIbTbq:TE5wzAQUTO/2SkpWon

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks