General

  • Target

    9adb74d4a3e30d322e070b91da3865ae8c7b71dd0f4ebce22538d0ef73a55264.exe

  • Size

    668KB

  • Sample

    240911-j39ehszhlk

  • MD5

    548723a3e99422d6ccf19ae013010e1b

  • SHA1

    27e594a6814393331674014791cea927caeaf4a1

  • SHA256

    9adb74d4a3e30d322e070b91da3865ae8c7b71dd0f4ebce22538d0ef73a55264

  • SHA512

    3042a661121e5bb7fe77af406512ccbf7d745a8291ece023f416803bd6c546420868ed06d0144044e84d2875ab048244b640f9bfeb67d564f4c43105102f0b81

  • SSDEEP

    12288:TkcZDcY/I1Y+04N46gUgXdaWzLgT4yOXqthDSRhIiKKKEA1A9/kR:YcBM1gzzXl9RXq32DKKKEGZ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m49z

Decoy

ormswarm.xyz

awn-care-63587.bond

uymetanail5.online

mergencyloan007.xyz

545.top

eiliao596.pro

ackersandmoverschennai.net

ehdiahmadvandmusicbest.click

tlgxmb2024.cloud

ulfcoastharborhopper.pro

rohns-disease-early-signs.today

oldenhorizonsbgcl.click

weetindulgencepro.xyz

yexoiup.xyz

yself-solar.net

kfirsatimla.online

bropub3.online

ouljourney.online

usvf76f.shop

onnaberich.online

Targets

    • Target

      9adb74d4a3e30d322e070b91da3865ae8c7b71dd0f4ebce22538d0ef73a55264.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
