General

  • Target

    nell.scr.exe

  • Size

    617KB

  • Sample

    240717-ldl9ssxemf

  • MD5

    bbb12cd2696ac986ad79c0116da987f4

  • SHA1

    802f65e20825ee6b2b5074e6084bc284241278d8

  • SHA256

    d8e6a83561b9d8dbe84de21795763589d2626904ac6406ddfe2dc2342c4edb8e

  • SHA512

    318e885d898a42b2751d387ba48b6fb359d3665d18637de48f35a53ea525bccbd1d9175a1f0429051d0a714ee887900ad3577db36d31d65f89ba7fb185484911

  • SSDEEP

    12288:G4ndmoGCQmm6f9NKxQYtwk+4oK40FxvBF4Ek3zCVbT/Z7p:TnghCFfHK99b/B6zyT

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    btrd

  • Decoy

    everslane.com
    prairieviewelectric.online
    dszvhgd.com
    papamuch.com
    8129k.vip
    jeffreestar.gold
    bestguestrentals.com
    nvzhuang1.net
    anangtoto.com
    yxfgor.top
    practicalpoppers.com
    thebestanglephotography.online
    koormm.top
    criika.net
    audioflow.online
    380747.net
    jiuguanwang.net
    bloxequities.com
    v321c.com
    sugar.monster

Targets

    • Target

      nell.scr.exe

    • Size

      617KB

    • MD5

      bbb12cd2696ac986ad79c0116da987f4

    • SHA1

      802f65e20825ee6b2b5074e6084bc284241278d8

    • SHA256

      d8e6a83561b9d8dbe84de21795763589d2626904ac6406ddfe2dc2342c4edb8e

    • SHA512

      318e885d898a42b2751d387ba48b6fb359d3665d18637de48f35a53ea525bccbd1d9175a1f0429051d0a714ee887900ad3577db36d31d65f89ba7fb185484911

    • SSDEEP

      12288:G4ndmoGCQmm6f9NKxQYtwk+4oK40FxvBF4Ek3zCVbT/Z7p:TnghCFfHK99b/B6zyT

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks