General

  • Target

    4ac278bf21df47be4528682e5697aff0N.exe

  • Size

    901KB

  • Sample

    240721-cl8ckasgjf

  • MD5

    4ac278bf21df47be4528682e5697aff0

  • SHA1

    8dfa9651e4bd2d8a32befaa04851005d46585b4c

  • SHA256

    f2b5226da4807974fd60640d715adf8679a271c08166e6bd61ebbb0e3209e7ff

  • SHA512

    02d0a79ecd133635e89025bfa594bf6fdffad18d690267b91e14e1190b404923b5316ae33f87f5947224bad3b76774c85b1cae34f4a6b1df970a1fc36c26c92f

  • SSDEEP

    24576:UsY7f30cHjW225TP+8X9xlgOyx32+Iary9KYsW:8f0+S2gyglgjmJ9KYsW

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ds92

Decoy

bitbwoer.icu

bnb777.vip

streambtw.life

tz29ih5n7.com

creditcard-mania.com

attogeneration.com

cyberlamas.online

younggraduateprograms.com

puppytraining.xyz

duruv.asia

mittun.video

codedrafters.com

jaipurplotflatvilla.com

comprardianabet.online

xinmeishe.com

oileddigital.com

ifneuaur.top

00050251.xyz

hensro.online

dztrjx.com
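The decoy list above is the part of this report a defender acts on. The following Python is an added example, not part of the sandbox report or of any Formbook tooling: it takes the hashes and the twenty config hosts exactly as printed above, defangs them for sharing, matches them against dnsmasq-style DNS query log lines (constructed here for the demo, not real traffic), and hashes data for comparison with the listed digests. The function names (`defang`, `is_config_host`, `find_hits`, `hash_bytes`, `hash_file`) and the log format are assumptions of the example. One caveat to carry into any rule built from it: a Formbook config embeds the real C2 host among decoy hosts, which are often legitimate sites, so a hit means "contact with a host from this sample's config" and should be triaged rather than treated as confirmed beaconing.

```python
"""Act on the extracted Formbook config: defang, match DNS logs, verify hashes.

Added example, not part of the sandbox report. Hashes and decoy hosts are
copied from the report above; the DNS log lines are constructed for the demo.
"""
import hashlib
import re

# Digests of the sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "4ac278bf21df47be4528682e5697aff0",
    "sha1": "8dfa9651e4bd2d8a32befaa04851005d46585b4c",
    "sha256": "f2b5226da4807974fd60640d715adf8679a271c08166e6bd61ebbb0e3209e7ff",
}

# The twenty hosts from the extracted config. Formbook hides its live C2 among
# decoys, so a match is "contact with a config host", not proof of beaconing.
DECOY_DOMAINS = [
    "bitbwoer.icu", "bnb777.vip", "streambtw.life", "tz29ih5n7.com",
    "creditcard-mania.com", "attogeneration.com", "cyberlamas.online",
    "younggraduateprograms.com", "puppytraining.xyz", "duruv.asia",
    "mittun.video", "codedrafters.com", "jaipurplotflatvilla.com",
    "comprardianabet.online", "xinmeishe.com", "oileddigital.com",
    "ifneuaur.top", "00050251.xyz", "hensro.online", "dztrjx.com",
]


def defang(domain: str) -> str:
    """Replace dots with [.] so the indicator is safe to paste into tickets."""
    return domain.replace(".", "[.]")


def is_config_host(qname: str) -> bool:
    """True if qname is a config host or a subdomain of one (case-insensitive,
    trailing dot tolerated). 'notcodedrafters.com' must NOT match."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in DECOY_DOMAINS)


# Constructed dnsmasq-style query log (assumed format, not real traffic).
SAMPLE_DNS_LOG = """\
Jul 21 09:14:02 dnsmasq[812]: query[A] www.example.com from 10.0.0.15
Jul 21 09:14:05 dnsmasq[812]: query[A] www.bitbwoer.icu from 10.0.0.15
Jul 21 09:14:05 dnsmasq[812]: query[A] codedrafters.com from 10.0.0.15
Jul 21 09:14:06 dnsmasq[812]: query[A] notcodedrafters.com from 10.0.0.22
Jul 21 09:14:09 dnsmasq[812]: query[AAAA] duruv.asia. from 10.0.0.15
"""

QUERY_RE = re.compile(r"query\[\w+\] (?P<qname>\S+) from (?P<src>\S+)")


def find_hits(log_text: str) -> list[tuple[str, str]]:
    """Return (source_ip, defanged_qname) for each query to a config host."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_config_host(m["qname"]):
            hits.append((m["src"], defang(m["qname"].rstrip("."))))
    return hits


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of in-memory data, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> dict[str, str]:
    """Same digests for a file on disk, streamed so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(path: str) -> bool:
    """True only if every listed digest of the file agrees with the report."""
    return hash_file(path) == SAMPLE_HASHES


if __name__ == "__main__":
    for src, name in find_hits(SAMPLE_DNS_LOG):
        print(f"{src} queried Formbook config host {name}")
```

Subdomain matching is deliberate: the report lists bare hosts, while infected machines may resolve a www or other label under them, and the `endswith("." + d)` guard keeps unrelated names that merely end in the same string from firing.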

Targets

    • Target

      4ac278bf21df47be4528682e5697aff0N.exe

    • Size

      901KB

    • MD5

      4ac278bf21df47be4528682e5697aff0

    • SHA1

      8dfa9651e4bd2d8a32befaa04851005d46585b4c

    • SHA256

      f2b5226da4807974fd60640d715adf8679a271c08166e6bd61ebbb0e3209e7ff

    • SHA512

      02d0a79ecd133635e89025bfa594bf6fdffad18d690267b91e14e1190b404923b5316ae33f87f5947224bad3b76774c85b1cae34f4a6b1df970a1fc36c26c92f

    • SSDEEP

      24576:UsY7f30cHjW225TP+8X9xlgOyx32+Iary9KYsW:8f0+S2gyglgjmJ9KYsW

    • Formbook

      Formbook is an information stealer: it captures credentials and submitted form data from browsers and other applications, logs keystrokes, and exfiltrates the results to its command-and-control server.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks