General

  • Target

    0b970eeae547c387822f30119aabda70N.exe

  • Size

    1.0MB

  • Sample

    240712-2xl15swgke

  • MD5

    0b970eeae547c387822f30119aabda70

  • SHA1

    62802a786351d6d50f37f14088fd70eab3c2968e

  • SHA256

    b7e70bb8f2c9e57840739fd9ec404d5bc0d16ff6d141b091f17317f7e308b876

  • SHA512

    95aadb55329e23403654d7e1db483308e4b42672a46b953d113c2187e09ddfc6031c6a85cdde3c439743ec2fabf739ca68f6aef2a4a09bd872347a563d6aa26c

  • SSDEEP

    24576:iAHnh+eWsN3skA4RV1Hom2KXMmHafbW2chd4Dp8A285:lh+ZkldoPK8YafKT495F

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge34

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
