General

  • Target: 7a2a42d89d047cff6cee9394efc4df4420c921d117d8642dac65a7e49c5c0360.rar
  • Size: 752KB
  • Sample: 240925-ceqh6syapp
  • MD5: 571e6f256ed909eb5588fa468a41bf34
  • SHA1: 9b3bdb755664ee4aadc3252e0c67318ed146fcb0
  • SHA256: 7a2a42d89d047cff6cee9394efc4df4420c921d117d8642dac65a7e49c5c0360
  • SHA512: c0019a7cf26953c482407a27ddf6c84a5d12d7bc6df2b21a64eb99ac8dee6010b2f90bf6324f71508461cf47a4cbeada7550871dd896ad61f49779d92128c64b
  • SSDEEP: 12288:KsNx+QKbK8kIyYCedTnjj2tAEJMbMxX4+Jl1CRM5EV1dbwSQvvL+rjX0q5cfwJ:KU+Q7KyXetmtAN0X4+xCREQdbwXvyrTp

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: e62s

Decoy


Targets

    • Target: Order 730138526004.exe
    • Size: 1.1MB
    • MD5: d2e4e90dd7b91cdedd4f5f2fe58184b0
    • SHA1: 9bb020d804cb5119842b15dd6cec240337ebb5b3
    • SHA256: d680261fb4d68f03216d8cb56648bce8a416b821a9692e14789eccbe24c8f04f
    • SHA512: 38a37a4c69286b7d34b86ae5ab27ac76d26868a329e86ff0342f31d5ef25c408f25328999bfa970b86f2fac67cf7f00875bdd8b5d5751b1d8d281c44028563ed
    • SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaC+Yu82vCaskCebDy0DQ:7JZoQrbTFZY1iaC+QgC5Svy7

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks