General

  • Target

    102b700c68d1f53bbc0183caba3c8dc0N.exe

  • Size

    1.0MB

  • Sample

    240718-1glvrsxemp

  • MD5

    102b700c68d1f53bbc0183caba3c8dc0

  • SHA1

    205163a6ee3618857f28c927097ee57b04c5625f

  • SHA256

    ed2d32131b547da668a653db2fe6e7cb1f343c77ca9791d13da4e3b6252a580c

  • SHA512

    8ee62d062716185f61044333949db8f5c8fb00bb30975dfdad72f5441154de1dcf3f12d378647bc148979ec8de721a103f197c92018110ff23d4ad696812df34

  • SSDEEP

    24576:rtb20pkaCqT5TBWgNQ7aSftEDd6KnHLltP6A:oVg5tQ7aSfhYHx15

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gb29

  • Decoy

    deecentshop.xyz
    agcpros.com
    bzbbkmmf.xyz
    marketprofissional.com
    891237.com
    hwqcoiu.xyz
    ultimabet.store
    nirikide.shop
    rsstationary.com
    sareease.com
    genaidefense.com
    mbn254.shop
    92fwq.com
    buses.life
    zbcgf.shop
    cheickfatoumata.com
    jkendricksmusic.com
    dokalopsia.digital
    wr70.top
    horebconstructioncorp.com

Targets

    • Target

      102b700c68d1f53bbc0183caba3c8dc0N.exe

    • Size

      1.0MB

    • MD5

      102b700c68d1f53bbc0183caba3c8dc0

    • SHA1

      205163a6ee3618857f28c927097ee57b04c5625f

    • SHA256

      ed2d32131b547da668a653db2fe6e7cb1f343c77ca9791d13da4e3b6252a580c

    • SHA512

      8ee62d062716185f61044333949db8f5c8fb00bb30975dfdad72f5441154de1dcf3f12d378647bc148979ec8de721a103f197c92018110ff23d4ad696812df34

    • SSDEEP

      24576:rtb20pkaCqT5TBWgNQ7aSftEDd6KnHLltP6A:oVg5tQ7aSfhYHx15

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks