General

  • Target

    New PO 127429.exe

  • Size

    1.1MB

  • Sample

    241028-ql7mxszfmb

  • MD5

    94d6aa80c6757c59f58f642c4e78bcfc

  • SHA1

    d3a359f25a9692934749a63035e1f13c71c521c6

  • SHA256

    00140ab45e4fcbba5f1b52f3058a8ac015771eb60348617843ac7ca841b8bae9

  • SHA512

    3bebb2bdd32b4c003b56799fb738dd8bba86e45b51b74fa1eed8a2b41b9c888aa5053b92f02e81df8e908bcc38d4a16fec35c27068f056c6469436617eae4564

  • SSDEEP

    24576:WfmMv6Ckr7Mny5Qts5ZBRRaIQFgwvLUDzH:W3v+7/5QtILQiwvLaD

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cu29

  • Decoy

    qidr.shop
    usinessaviationconsulting.net
    68716329.xyz
    nd-los.net
    ealthironcladguarantee.shop
    oftware-download-69354.bond
    48372305.top
    omeownershub.top
    mall-chilli.top
    ajakgoid.online
    ire-changer-53482.bond
    rugsrx.shop
    oyang123.info
    azino-forum-pro.online
    817715.rest
    layman.vip
    eb777.club
    ovatonica.net
    urgaslotvip.website
    inn-paaaa.buzz

Targets

    • Target

      New PO 127429.exe

    • Size

      1.1MB

    • MD5

      94d6aa80c6757c59f58f642c4e78bcfc

    • SHA1

      d3a359f25a9692934749a63035e1f13c71c521c6

    • SHA256

      00140ab45e4fcbba5f1b52f3058a8ac015771eb60348617843ac7ca841b8bae9

    • SHA512

      3bebb2bdd32b4c003b56799fb738dd8bba86e45b51b74fa1eed8a2b41b9c888aa5053b92f02e81df8e908bcc38d4a16fec35c27068f056c6469436617eae4564

    • SSDEEP

      24576:WfmMv6Ckr7Mny5Qts5ZBRRaIQFgwvLUDzH:W3v+7/5QtILQiwvLaD

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks