General

  • Target

    1b9e77854e399411406c1f8e3fa6e0bceb4a1284c7bedeed503bcb24bdcfbe30.exe

  • Size

    653KB

  • Sample

    240806-bqfyfavcrp

  • MD5

    4f9709aa08fb342403b4a9d952419184

  • SHA1

    07913a57cfe7e1674525397f571ae98d3195a11c

  • SHA256

    1b9e77854e399411406c1f8e3fa6e0bceb4a1284c7bedeed503bcb24bdcfbe30

  • SHA512

    cde7fe3db0ee4fd1876e3b40601e4d9c81ae4b2fa525335d183c9d0314fde6eaaa5820303d3fd2eb0a008f09511c08967fe0ba00fea83c9dee8d98d80f513fe0

  • SSDEEP

    12288:3Zxa/zmcDXmyLO609WOgt3MbOSJ6gAFss9ewhMBdULG503vdPlLVBkR:3ZxaakZb0wr3MRJ7U9ZMBYG503DLVc

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v15n

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
