General

  • Target

    a327355ae6e99929d1303a762ea8a936d8e4884f45d683de08dba6882c1c016d.exe

  • Size

    730KB

  • Sample

    241004-cbm9mssbka

  • MD5

    47f67ecfb3eb722a3d7aefb8b5ac8b54

  • SHA1

    78da020402a8413cdf7d663a196c9ce46577bdbb

  • SHA256

    a327355ae6e99929d1303a762ea8a936d8e4884f45d683de08dba6882c1c016d

  • SHA512

    6b82898b826ee2fc7b8f1e39c4302cb69fef655bb6cc7389cb8397c8dcca28cbe3a81ec84d96fb1e13692aa833894b1b2ef7c56628685d42853808495a695ca3

  • SSDEEP

    12288:CQq8Tj0Kd+D1fDwAmlhwJogsFRot09s4KlV7N5r:h5f0/8gsFRouu/7NZ

Malware Config

  • Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cu29

  • Decoy

    qidr.shop
    usinessaviationconsulting.net
    68716329.xyz
    nd-los.net
    ealthironcladguarantee.shop
    oftware-download-69354.bond
    48372305.top
    omeownershub.top
    mall-chilli.top
    ajakgoid.online
    ire-changer-53482.bond
    rugsrx.shop
    oyang123.info
    azino-forum-pro.online
    817715.rest
    layman.vip
    eb777.club
    ovatonica.net
    urgaslotvip.website
    inn-paaaa.buzz

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests data from the infected host.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
