General

  • Target

    06b48ac9172279cf7eb70a6d9ff15c30N.exe

  • Size

    603KB

  • Sample

    240711-zc8cjasgrp

  • MD5

    06b48ac9172279cf7eb70a6d9ff15c30

  • SHA1

    badf55aaa4193ad376fdcbdf17a2ada34d5b1768

  • SHA256

    3c530a35c470947ac248c63cc58f6eef1adef690d9aacdab86033e0781b4508d

  • SHA512

    ef51f9c2038b3b4a12075f718a919bfdf6867c9d1007fca60484047b64ce26f016a7f2e8aa00c42bb0cd0419e4ae03acf52f852ef8c5a00ed5ec1455cc9ca938

  • SSDEEP

    12288:W+DzsiMGcdB7QlWde8EkzSgPrKoV5nD3uu6Jxme5QH5N5ZMijh96yA:W+DDxcP7QlTRoKsFT0Jxm4ST5ZHX0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mc10

Decoy


Targets

    • Target

      06b48ac9172279cf7eb70a6d9ff15c30N.exe

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
