General

  • Target

    c17477a67b72e26224a8670e25ce6bb06e2653e3adbf3797649c137ab855dc24.exe

  • Size

    746KB

  • Sample

    240711-dea9xsvfqj

  • MD5

    1e0cff1531ce4e7d86a7e9ddf44fbc51

  • SHA1

    b3faa19194515d6961f4cd96251ef484b7ed5ff7

  • SHA256

    c17477a67b72e26224a8670e25ce6bb06e2653e3adbf3797649c137ab855dc24

  • SHA512

    f92a3c89c171ceb564c50808af38bd51fd29aba9c3e1284b3d2ff07a22310416eaad060fa225ee50980b99d4d7b8e464bd78b6922247d8426c2170a13fe04014

  • SSDEEP

    12288:hoTCBq8jt7SS2dolHSSIbHnTvJ28RiZlvp3DIzF7G4sFAuJMPPFZ1VrPAmpL:hoTCBq8jt7SS2KlHSSEszvp3szF7p2xm

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mc10

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks