Resubmissions

22-07-2024 00:12

240722-ahfr2avamn 10

22-07-2024 00:12

240722-ag7t5avalp 5

21-07-2024 23:42

240721-3pzspstann 10

General

  • Target

    Salary Increase.exe

  • Size

    1.0MB

  • Sample

    240722-ahfr2avamn

  • MD5

    83759232874676063ca07f71a214ba6d

  • SHA1

    662fc90d52e4d9db2ca89b4eccbec7948a25f9f3

  • SHA256

    55911205edcecf1a4337052e070334ad0dfb5b651cb980122a963b811aeda078

  • SHA512

    57eae1f72dcf701fea500bf01fc5bd908e93143d5356a3061c4f51e28d554507eff7b190211caa96e9a5a93d34ca612a0a52452e9aaeaaa01e8b45894e9e610c

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHabbr6qd0SinFd5:Yh+ZkldoPK8YabfDd0V

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

Targets

    • Target

      Salary Increase.exe

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
