General

  • Target: PAID CA2686+CA2687+CA2688.exe
  • Size: 1.1MB
  • Sample: 241028-qdhzlaxngn
  • MD5: a4b51a4a802bbd22c815f978f47ea06f
  • SHA1: a8735f152d4e1e21d2ed3095821b909b022a4201
  • SHA256: 069a4c2c42050c9037f6a11f9083b312c8bc3159fbe2b73f1e84760da762e6a8
  • SHA512: 2733cd65bb29eaedf08dc0a9a4e577e01b4198240edc1c461e9efe78145071970c5116849f7a37d6a7470ed0c7b82ce6b40ed9df7c1aa011406ba2f158f405d8
  • SSDEEP: 24576:WfmMv6Ckr7Mny5Qt4BoW8YCj0cdbtMQ6gLgj:W3v+7/5Qt4BoW8O+jgj

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: cu29
  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks