General

  • Target

    839098d2b42765abf8c1066900745e03a0da338c.exe

  • Size

    1.6MB

  • Sample

    240716-rp8vtsxakl

  • MD5

    58f6371fad0f06a8c78026ca2d44e7ee

  • SHA1

    839098d2b42765abf8c1066900745e03a0da338c

  • SHA256

    42039b6edc8a92257987047991f1c99eac490366de4e22ff5f0c3fd8fa31135a

  • SHA512

    d59565f0cf902ed54d5cacceff3f29ec78f824c792d5ae75677f26efec825187f0b6356b70a3005df9d8015904fb4c8398c8e499659c2168fccd77a976736aaa

  • SSDEEP

    24576:1Hb5Bli50xv2T4EM9X0cjRjFmhco/ZyFvaZjeCi8DI/fdKFZA16GSbxpSA07YN3O:9b5W+uWRhKV4FceCxyKFZo

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn03

Decoy

almouranipainting.com

cataloguia.shop

zaparielectric.com

whcqsc.com

ioco.in

aduredmond.com

vavada611a.fun

humtivers.com

jewellerytml.com

mcapitalparticipacoes.com

inhlcq.shop

solanamall.xyz

moviepropgroup.com

thegenesis.ltd

cyberxdefend.com

skinbykoco.com

entermintlead.com

honestaireviews.com

wyclhj7gqfustzp.buzz

w937xb.com

Targets

    • Target

      839098d2b42765abf8c1066900745e03a0da338c.exe

    • Size

      1.6MB

    • MD5

      58f6371fad0f06a8c78026ca2d44e7ee

    • SHA1

      839098d2b42765abf8c1066900745e03a0da338c

    • SHA256

      42039b6edc8a92257987047991f1c99eac490366de4e22ff5f0c3fd8fa31135a

    • SHA512

      d59565f0cf902ed54d5cacceff3f29ec78f824c792d5ae75677f26efec825187f0b6356b70a3005df9d8015904fb4c8398c8e499659c2168fccd77a976736aaa

    • SSDEEP

      24576:1Hb5Bli50xv2T4EM9X0cjRjFmhco/ZyFvaZjeCi8DI/fdKFZA16GSbxpSA07YN3O:9b5W+uWRhKV4FceCxyKFZo

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks