General

  • Target

    8tvMmyxveyzFcnJ.exe

  • Size

    561KB

  • Sample

    240710-l571ks1fpq

  • MD5

    fff69b0890fc5c9c754e17d06deb5216

  • SHA1

    e3b4644bd7f114a830ec649edbed92a437a81673

  • SHA256

    a8fe32e805d1e0a0a61e2763308b01be24656f9bd356a863b174ce61e32d9a7e

  • SHA512

    a799abf32f8ede0cf805cff84961ded989b899ccfa44214ad17d4a9912ee650cac6f75b1462fbcc465b47397578eecb5f5998ee24c9694bfe2a7929549040088

  • SSDEEP

    12288:DHch5SCsLxfmoaaKB0eN3lvGIW4CO7MEMVbQsJeo6Bcd0Xp4e:zIfQHNKB0e9luIybQKXLd0m

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mc10

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family (a data stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
