General

  • Target

    66c43859b6e874fe212ee69eab9532f2fbae9c3edc415d7f0438acd591ff9d81.exe

  • Size

    617KB

  • Sample

    240720-l7qt3sxdnn

  • MD5

    73ebd7705e3538a76ad57dfb759c6967

  • SHA1

    346b7c4734aed318aaf16a4745dfedc0b9156195

  • SHA256

    66c43859b6e874fe212ee69eab9532f2fbae9c3edc415d7f0438acd591ff9d81

  • SHA512

    18a20b065a9778d0aace772b8019eb29710bbbe111bb3ed0561f2224cfcb2109a04dc7e07c399f7f719072ae4bfbfc97f3ac0c0c95fda4000b6689e09aa1f63c

  • SSDEEP

    12288:BiN882BM61ChlhMN04e/A1/5Ma9hzoY2xWot/WSU51K+a6n9LjiN:Bu2Bkvue/y5HhsoeeS+N9

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ps15

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks