General

  • Target

    2.exe

  • Size

    185KB

  • Sample

    240906-yhfc9svcqm

  • MD5

    cb90c75f8cbbbcc3f74ee22288c800a1

  • SHA1

    1c84ad88465e6eb1b91dfaf099bf2697e44ccc0d

  • SHA256

    b3d45d85cba27f6900215868e9e6e9a97fb95648a42396305cd8bcb50c8e80d0

  • SHA512

    22e8fd5f34e92ffb92e362efdc3866c9bfab68a5f6f463f64ae4f16876722dd4595e0cff34f970dd87140859b58e6acdb20c8b82f27ed42bbf7cc80f46e7a314

  • SSDEEP

    3072:8MHDFaMPRIjxWcy4C9y30XclW6Qilinp0fJ4XNZkAC581h/dgHG0uD1X4/qZa:e7UL4Co3js6QilinA4XN+zKh/uG0u5XC

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    l26n

  • Decoy

    vtxapg.bond
    iscussatthetable.net
    q5b2.vip
    urculturalbuzz.buzz
    0xfulisuo.xyz
    iz-kyc.online
    atladies4kamala.vote
    aison-maison.xyz
    codom73.online
    aosecurity.online
    szxart.xyz
    ergecast.net
    ealker.pro
    hickensforkfc.net
    ldoradocasino-uee.top
    afiqgroup.net
    ercania.net
    sdc.ngo
    raphic-design-degree-37012.bond
    888yl123.vip

Targets

    • Target

      2.exe

    • Size

      185KB

    • MD5

      cb90c75f8cbbbcc3f74ee22288c800a1

    • SHA1

      1c84ad88465e6eb1b91dfaf099bf2697e44ccc0d

    • SHA256

      b3d45d85cba27f6900215868e9e6e9a97fb95648a42396305cd8bcb50c8e80d0

    • SHA512

      22e8fd5f34e92ffb92e362efdc3866c9bfab68a5f6f463f64ae4f16876722dd4595e0cff34f970dd87140859b58e6acdb20c8b82f27ed42bbf7cc80f46e7a314

    • SSDEEP

      3072:8MHDFaMPRIjxWcy4C9y30XclW6Qilinp0fJ4XNZkAC581h/dgHG0uD1X4/qZa:e7UL4Co3js6QilinA4XN+zKh/uG0u5XC

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks