General

  • Target: MalwareBazaar.2
  • Size: 748KB
  • Sample: 240710-htvz4avhqe
  • MD5: 3c2dbb5b40ca37451f06e36bf4b496a0
  • SHA1: 9acc4b7410121a7847434716ff330a3abad9af88
  • SHA256: 3796cd93f800a4c068bbadb4da09c577330fc49f0fdd171ef3bfffee0b3b555b
  • SHA512: 32b10d6c985c3a392783368f81a71ebe78521627880d209872e3e2c245398ffb37cad68f4c44eb4eaa6a015fbda2a82dd9f60e863209bcb7f1053499e170a38d
  • SSDEEP: 12288:oTCBq8jt7SS2dolHSStp5FSC86mNA6w9Qwg1ZrGYRaHRPGy+Me3NbHr9:oTCBq8jt7SS2KlHSStQC85S41ZPaHR+J

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: dy13
  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing (information-stealer) malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks