General

  • Target

    d16d34e4b1d1ef563842f3a0e691642da9f814bf240827e704caa57dc3106db0.zip

  • Size

    585KB

  • Sample

    240714-l3amasycne

  • MD5

    3397986f06999595d5fa0ebe12397931

  • SHA1

    26b52a588dfe52e58cea432cf71ad3722481ddd1

  • SHA256

    ee6ff36a258348f1942c0d31e8eb460fdb368e99953307f7acb3b15a74ff628f

  • SHA512

    5687826288a73113eb41fe9b880a0940d525b9bfe916da308b2c4aeaf10840445ad0927a45ce72aab178b016c3c4dbf74a78d0d67f563c3c44b757fbc6e783ba

  • SSDEEP

    12288:gg4Ci1bM2g8+QFLz0MYEr9zD4uTjAtt14mcbjiG/LrEmNS2eU6RVuF:tti1bM2g82E5dTjAttXcbmG/LrEmg2ek

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    rn94

  • Decoy

    st68v.xyz
    conciergenotary.net
    qwechaotk.top
    rtpdonatoto29.xyz
    8ad.xyz
    powermove.top
    cameras-30514.bond
    vanguardcoffee.shop
    umoe53fxc1bsujv.buzz
    consultoriamax.net
    hplxx.com
    ndu.wtf
    yzh478c.xyz
    bigbrown999.site
    xiake07.asia
    resdai.xyz
    the35678.shop
    ba6rf.rest
    ceo688.com
    phimxhot.xyz

Targets

    • Target

      d16d34e4b1d1ef563842f3a0e691642da9f814bf240827e704caa57dc3106db0.exe

    • Size

      703KB

    • MD5

      ef21d03f6847389f89c057fd2dee4ba0

    • SHA1

      ab5de0026cb731e285d937a70bb1b16f5a2bb811

    • SHA256

      d16d34e4b1d1ef563842f3a0e691642da9f814bf240827e704caa57dc3106db0

    • SHA512

      84eb7f2dbc4de6619e7bcacdd97c6cf475a3ad4bd57da4a1969fa174553ecbc1d595fc0c94f3556244ff0d0c5e7c6ac45c14238a2bb3304c9429ff53b10fca77

    • SSDEEP

      12288:PdRLYVK+orvCrf9Sq/a4HUAiQ3qN0rPtD/0xCRFXcdjoKNl9NVPmHFmpfaO:PLL1+dsLjAM2WxCRFcp79N8spfD

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks