General

  • Target

    rfq27462##.exe

  • Size

    1.0MB

  • Sample

    240717-jv913s1hrq

  • MD5

    3f7dbf7df8009d3da5038bbf74a33bee

  • SHA1

    93537e6dcaefff4dbc3981ce46d5aa72924948bc

  • SHA256

    db75da76893e862899d0153d196b570dae368bb1e3623ed9895ead7110922e3a

  • SHA512

    48c740c10aafc936d349cecab510523f70a4874754e217b98c04860305c7fef8d1dd1b3245d2d95dd1ad9bb625f94d9b292ca015712f08bc2fa6d39cae000b47

  • SSDEEP

    24576:yAHnh+eWsN3skA4RV1Hom2KXMmHa8pqDDYDbVpwT5:1h+ZkldoPK8Ya8iYDpp8

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ts59

Decoy

hgptgz684w.top

gas39.pro

totalcow.com

76466.club

ssweatstudio.com

nr35.top

hmstr-drop.site

kjsdhklssk13.xyz

lostaino.com

athenamotel.info

9332946.com

ec-delivery-jobs-8j.bond

complaix.com

824go.com

checkout4xgrow.shop

modleavedepts.online

shoedio54.com

topallinoneaccounting.com

texhio.online

cn-brand.com
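Formbook configs embed one real C2 alongside a list of decoy domains, and the sandbox extracts the whole list, so the domains above are low-confidence IOCs on their own: treat a DNS query to one of them as a lead to pivot on, not as proof of infection. The script below, an added example that is not part of the sandbox report, matches DNS query logs against the extracted list (subdomain-aware, so `www.gas39.pro` hits `gas39.pro` but `notgas39.pro` does not) and checks a file's hashes against the MD5/SHA1/SHA256 listed above. The log format and the log lines are constructed for illustration.

```python
"""Match the Formbook decoy/C2 domains extracted in this report against DNS
query logs, and compare a file's digests with the report's hashes.

Added example, not part of the original sandbox report. The DNS log format
below is an assumption; the sample lines are constructed."""
import hashlib
import re

# Domain list copied from the report's extracted config (decoys plus C2).
REPORT_DOMAINS = frozenset({
    "hgptgz684w.top", "gas39.pro", "totalcow.com", "76466.club",
    "ssweatstudio.com", "nr35.top", "hmstr-drop.site", "kjsdhklssk13.xyz",
    "lostaino.com", "athenamotel.info", "9332946.com",
    "ec-delivery-jobs-8j.bond", "complaix.com", "824go.com",
    "checkout4xgrow.shop", "modleavedepts.online", "shoedio54.com",
    "topallinoneaccounting.com", "texhio.online", "cn-brand.com",
})

# Digests of rfq27462##.exe as listed in the report.
REPORT_HASHES = {
    "md5": "3f7dbf7df8009d3da5038bbf74a33bee",
    "sha1": "93537e6dcaefff4dbc3981ce46d5aa72924948bc",
    "sha256": "db75da76893e862899d0153d196b570dae368bb1e3623ed9895ead7110922e3a",
}

# Assumed log format: "<timestamp> client=<ip> query=<name> type=<rrtype>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<name>\S+)\s+type=(?P<type>\S+)$"
)


def matched_domain(name, domains=REPORT_DOMAINS):
    """Return the report domain that `name` equals or is a subdomain of, else None.

    Walks label suffixes (www.gas39.pro -> gas39.pro) but never tests a bare
    TLD, so "pro" or "top" alone cannot match.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_dns_log(lines, domains=REPORT_DOMAINS):
    """Return (timestamp, client, queried name, matched report domain) per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        domain = matched_domain(m["name"], domains)
        if domain:
            hits.append((m["ts"], m["client"], m["name"], domain))
    return hits


def file_hashes(path):
    """Compute md5/sha1/sha256 of a file in one pass, chunked for large files."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(hashes):
    """True only if every digest equals the value listed in the report."""
    return all(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


# Constructed DNS log lines (not from any real capture).
SAMPLE_LOG = [
    "2024-07-17T09:00:01Z client=10.0.0.5 query=www.hgptgz684w.top type=A",
    "2024-07-17T09:00:02Z client=10.0.0.5 query=login.microsoftonline.com type=A",
    "2024-07-17T09:00:03Z client=10.0.0.7 query=ssweatstudio.com type=A",
    "2024-07-17T09:00:04Z client=10.0.0.9 query=notgas39.pro type=A",
    "malformed line that the parser should ignore",
]

if __name__ == "__main__":
    for ts, client, name, domain in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {client} queried {name} (report domain: {domain})")
```

Run `file_hashes("rfq27462##.exe")` and pass the result to `matches_report` to confirm a local copy is the same artifact the report analysed before reusing any of its findings.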

Targets

    • Target

      rfq27462##.exe

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service: it harvests credentials and submitted form data from browsers and other applications, logs keystrokes, and reports to a C2 hidden among a list of decoy domains.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks