General

  • Target: 2200b8da7972eb3348a0088d1b8147c0N.exe
  • Size: 772KB
  • Sample: 240714-z8qglatgmp
  • MD5: 2200b8da7972eb3348a0088d1b8147c0
  • SHA1: 0ba3ddefd855519594cc6865ea4ebd9ce5bdb235
  • SHA256: 3335161ade4a4cc3865415f0e0b15e9fcedfd2ea6341b6d2d3848bd1e3b5d607
  • SHA512: 554d59e17aca85ff1be7d4892d59c7b867f9c2c6be2fbf32501034bffc437f6c75570ad31aa4c0054833a405f03e0d749602072fcf0d6af7fd3235381cc732c4
  • SSDEEP: 24576:t0mljjkY881WPQSiyQt1GUS25p97k6ni:iM3kN895t1Gy5pxk6

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: qt22
  • Decoy:
    tryventura.co
    cashstash.online
    keiramcwilliams.site
    ytdnb558.com
    huq.homes
    ib999.cc
    ivy001.com
    militaryjobs.site
    mfhospitality.net
    landtour-outdoor.com
    cosmicdustclub.com
    ssskjv.com
    bigremporium.com
    network221.com
    thegfshops.com
    iase.in
    alliednp.com
    tprovenance.io
    massimaidratazione.com
    dominodarts.com

Targets

    • Target: 2200b8da7972eb3348a0088d1b8147c0N.exe
    • Size: 772KB
    • MD5: 2200b8da7972eb3348a0088d1b8147c0
    • SHA1: 0ba3ddefd855519594cc6865ea4ebd9ce5bdb235
    • SHA256: 3335161ade4a4cc3865415f0e0b15e9fcedfd2ea6341b6d2d3848bd1e3b5d607
    • SHA512: 554d59e17aca85ff1be7d4892d59c7b867f9c2c6be2fbf32501034bffc437f6c75570ad31aa4c0054833a405f03e0d749602072fcf0d6af7fd3235381cc732c4
    • SSDEEP: 24576:t0mljjkY881WPQSiyQt1GUS25p97k6ni:iM3kN895t1Gy5pxk6

    • Formbook: Formbook is an information-stealing malware family (a data stealer).
    • Formbook payload
    • Suspicious use of SetThreadContext
