General

  • Target

    yEz94BK14pkJoFb.exe

  • Size

    621KB

  • Sample

    240719-j2pzgsthka

  • MD5

    ac8490eaba03ba2c60c7139487a363f1

  • SHA1

    179e162dbae6c485335c805d07ad25c07f6df871

  • SHA256

    e8a05062de1ccf4ae13ae370235b08b0d7b5ec5065f18afa236e3208bded45d5

  • SHA512

    1e73f031e5156b39947d273f7accf84180830252bbb9f764d0ef2129d4296580855837cf62fb3ca224f93ac950910dbb3c93da25c2c03d8cf5325cc0e9fa2767

  • SSDEEP

    12288:7HiuaKWgPginORy7Ps5DYnP1SHk5ezbK36Wy4hrB62XXKrj:GngoinUyODE5ezbK3by4JL

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ps15

  • Decoy


Targets

    • Target

      yEz94BK14pkJoFb.exe

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
