General

  • Target

    94ed3b01fe4b13ebd1d354f87387a8b09ca26829115306b86bbdc2d1d07a0b3e

  • Size

    1.1MB

  • Sample

    241005-a7a8vazerb

  • MD5

    b5687b090278f6446be5046b802dd2a0

  • SHA1

    5ffcad717c3ca822aed7a6e7eb311e43f8ccc294

  • SHA256

    94ed3b01fe4b13ebd1d354f87387a8b09ca26829115306b86bbdc2d1d07a0b3e

  • SHA512

    31a633db41275c8c19614de0a09550e993206189c898ee1e21bf76f05c5a363b8e3da0e08a1bf54a706b90e85891dd639dffe836ec482ca2af5b07191ab0f375

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QL9uklsL2aRnGnJXgVuy6PG+ROusD:f3v+7/5QL9uk69W26RRfsD

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
