General

  • Target

    MalwareBazaar.1

  • Size

    628KB

  • Sample

    240722-aayyms1fmd

  • MD5

    288813505fd612c8dae5d9932c64447e

  • SHA1

    e336ab18241a797d6bc1076e77416b1ad997d5f9

  • SHA256

    cace38992f0a82988e265762b5ecbff372d4bb0909bcd23ce35979dcd50d8ea4

  • SHA512

    65fdbfef0be185249294971137015d95119c7934b6ab5846599863c88c15a3784e37e5adf400d442bc7e569fbc8d5ca76e60d6f3a747537aea1f700948b1b679

  • SSDEEP

    12288:uyH9zA2rFvqE1txuK37XKtQz/XEJ/PeQMCqRPUvyVr4Vv3vtgnxj:bhAWRqytnjKqLXnrCqdUS8XUxj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

jejakunik.com

inb319.com

jifsjn.buzz

gkyukon.site

43443.cfd

cogil69id.com

oeaog.com

lpgatm.com

mymarketsales.com

tomclk.icu

404417.online

nysconstruction.com

ourwisequote.com

ahsanadvisory.com

ottawaherps.com

forevermust.com

apartments-for-rent-47679.bond

kdasjijaksdd.icu

buthaynah.com

manggungjayakanopi.com
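The extracted config above is the part of this report that is directly actionable: Formbook beacons to every domain in its list, of which only one is the live C2 and the rest are decoys (several are ordinary, possibly legitimate, sites). A single query to one of them is therefore weak evidence, while one client touching many of them is a strong signal. The following script is an added example, not part of the sandbox report or of Formbook itself: it takes the decoy list verbatim from the config section, matches DNS query names (including subdomains) against it, groups hits per client, and prioritizes clients that contacted several of the listed domains. The log line format and the sample log lines are constructed for the example and are assumptions.

```python
"""Hunt DNS query logs for the domains in the extracted Formbook ty31 config.

Example code added to this report; the log format below is an assumption
('<timestamp> <client_ip> <qname>' per line, whitespace separated).
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

# Decoy/C2 domains copied from the "Malware Config" section of this report.
FORMBOOK_TY31_DOMAINS: Set[str] = {
    "jejakunik.com", "inb319.com", "jifsjn.buzz", "gkyukon.site", "43443.cfd",
    "cogil69id.com", "oeaog.com", "lpgatm.com", "mymarketsales.com", "tomclk.icu",
    "404417.online", "nysconstruction.com", "ourwisequote.com", "ahsanadvisory.com",
    "ottawaherps.com", "forevermust.com", "apartments-for-rent-47679.bond",
    "kdasjijaksdd.icu", "buthaynah.com", "manggungjayakanopi.com",
}

# Constructed sample log (not real traffic): 10.0.0.5 cycles through the list
# the way a Formbook beacon loop does; 10.0.0.9 visits one decoy that could
# just as well be an ordinary website.
SAMPLE_DNS_LOG: List[str] = [
    "2024-07-22T10:00:01Z 10.0.0.5 www.jejakunik.com",
    "2024-07-22T10:00:02Z 10.0.0.5 inb319.com",
    "2024-07-22T10:00:03Z 10.0.0.5 google.com",
    "2024-07-22T10:00:04Z 10.0.0.5 gkyukon.site.",
    "2024-07-22T10:00:05Z 10.0.0.5 www.43443.cfd",
    "2024-07-22T10:00:06Z 10.0.0.9 nysconstruction.com",
    "2024-07-22T10:00:07Z 10.0.0.9 notinb319.com",
    "malformed line",
]


def matches_domain(qname: str, domains: Set[str]) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None.

    Matching is done on whole labels, so 'notinb319.com' does not match
    'inb319.com' but 'www.inb319.com' does. A trailing dot (FQDN form) is ignored.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def hunt(log_lines: Iterable[str],
         domains: Set[str] = FORMBOOK_TY31_DOMAINS) -> Dict[str, Set[str]]:
    """Map each client IP to the set of config domains it queried."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:  # skip lines that do not fit the assumed format
            continue
        _ts, client, qname = parts
        matched = matches_domain(qname, domains)
        if matched:
            hits[client].add(matched)
    return dict(hits)


def prioritize(hits: Dict[str, Set[str]], min_distinct: int = 3) -> List[str]:
    """Clients that contacted at least min_distinct config domains.

    Formbook walks its whole list, so breadth across the list is the signal;
    a single hit may be a user browsing a legitimate decoy site.
    """
    return sorted(client for client, ds in hits.items() if len(ds) >= min_distinct)


if __name__ == "__main__":
    results = hunt(SAMPLE_DNS_LOG)
    for client, domains in sorted(results.items()):
        print(f"{client}: {len(domains)} config domain(s): {sorted(domains)}")
    print("priority hosts:", prioritize(results))
```

Feed real resolver or Zeek `dns.log` output through `hunt()` after adapting the line parser; keep the `min_distinct` threshold rather than alerting on single hits, because the decoy entries are chosen precisely so that blanket blocking or single-hit alerting produces noise.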

Targets

    • Target

      Salary Increase.exe

    • Size

      1.0MB

    • MD5

      83759232874676063ca07f71a214ba6d

    • SHA1

      662fc90d52e4d9db2ca89b4eccbec7948a25f9f3

    • SHA256

      55911205edcecf1a4337052e070334ad0dfb5b651cb980122a963b811aeda078

    • SHA512

      57eae1f72dcf701fea500bf01fc5bd908e93143d5356a3061c4f51e28d554507eff7b190211caa96e9a5a93d34ca612a0a52452e9aaeaaa01e8b45894e9e610c

    • SSDEEP

      24576:BAHnh+eWsN3skA4RV1Hom2KXMmHabbr6qd0SinFd5:Yh+ZkldoPK8YabfDd0V

    • Formbook

      Formbook is an information stealer: it injects into browser and other application processes to capture submitted form data, stored credentials, keystrokes and clipboard contents, and can fetch and run additional payloads on command.

    • Formbook payload

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the final step of process hollowing: the entry point of the injected image is written into the suspended thread's context before it is resumed, which is how Formbook runs its payload inside a legitimate-looking host process.

MITRE ATT&CK Enterprise v15

Tasks