General

  • Target

    Statement of Account.exe

  • Size

    686KB

  • Sample

    241028-rwva1syrh1

  • MD5

    d034873f3ca1528cd660316e6bbe8c14

  • SHA1

    bfd745b38033a3e3ee21be7876d053ea20cc46ef

  • SHA256

    0248b7bdbf6c49ffceddae89725a94da2c3076ebbf6253fafd2c817b57dc5891

  • SHA512

    dfe8c17ee1846f7f469bb51acc42695734e2eea555d1fba81bc44a9686c4d9bb1d6f424ea156d2e15e4d8c002a4405f53719481ae875aa36fa9ad04adf436b65

  • SSDEEP

    12288:DjakOtXy9wBynnEBkRbsrli5VzgnaIwvBPmBaKcWDtQwBPaNi9a:Dj34Lo4kRbs5i3zgnVomBSwqCCi9

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

    • Target

      Statement of Account.exe

    • Size

      686KB

    • MD5

      d034873f3ca1528cd660316e6bbe8c14

    • SHA1

      bfd745b38033a3e3ee21be7876d053ea20cc46ef

    • SHA256

      0248b7bdbf6c49ffceddae89725a94da2c3076ebbf6253fafd2c817b57dc5891

    • SHA512

      dfe8c17ee1846f7f469bb51acc42695734e2eea555d1fba81bc44a9686c4d9bb1d6f424ea156d2e15e4d8c002a4405f53719481ae875aa36fa9ad04adf436b65

    • SSDEEP

      12288:DjakOtXy9wBynnEBkRbsrli5VzgnaIwvBPmBaKcWDtQwBPaNi9a:Dj34Lo4kRbs5i3zgnVomBSwqCCi9

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service. It harvests credentials and form data from web browsers and other applications, logs keystrokes, captures clipboard contents and screenshots, and can download and run further payloads on the infected host.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (typically via the Add-MpPreference cmdlet) so that the dropped files and the process hosting the payload are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the malware refuses to run in certain regions.

    • Uses the VBS compiler for execution

      Launches the Visual Basic .NET compiler (vbc.exe), a signed Microsoft binary, as the host process for the payload rather than running it from the dropped executable.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the final step of process hollowing: the entry point of the injected image is written into the suspended thread's context before the thread is resumed. Together with the compiler launch above, this is consistent with the Formbook payload running inside vbc.exe.
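The PowerShell signature and the compiler-launch plus SetThreadContext pair above describe behaviour a defender can hunt for in host telemetry. The following is an added example, not part of the sandbox report and not Formbook or sandbox code: Python detection logic that runs two checks over constructed, inline sample events shaped like PowerShell ScriptBlock logging (Event ID 4104) and Sysmon process-creation (Event ID 1) records. It flags Add-MpPreference / Set-MpPreference calls that add Defender exclusions (reporting which kind: path, extension, process, IP address) and a .NET compiler such as vbc.exe started with an empty command line by a parent that is not a build tool, which is the shape a hollowing host launch takes. The event field names, the sample paths and the DEV_PARENTS allowlist are assumptions made for illustration.

```python
"""Host-telemetry checks for two behaviours listed in the report: Defender
exclusion tampering via PowerShell, and process hollowing into the .NET
Visual Basic compiler (vbc.exe). Added example; not sandbox or Formbook code."""
import re

# Constructed sample events (not from the sandbox run). Field names are an
# assumption: a flattened form of PowerShell ScriptBlock logging (Event ID
# 4104) and Sysmon process creation (Event ID 1).
EVENTS = [
    {"source": "powershell", "id": 4104,
     "script": 'Add-MpPreference -ExclusionPath "C:\\Users\\Public" '
               '-ExclusionExtension ".exe" -ExclusionProcess "vbc.exe"'},
    {"source": "powershell", "id": 4104,
     "script": "Get-ChildItem C:\\Temp | Measure-Object"},
    # Defender tampering too, but not an exclusion: deliberately not matched
    # by defender_exclusions(), which implements the exclusion signature only.
    {"source": "powershell", "id": 4104,
     "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"source": "sysmon", "id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "command_line": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"',
     "parent_image": r"C:\Users\victim\Downloads\Statement of Account.exe"},
    {"source": "sysmon", "id": 1,   # legitimate compile: has arguments, build-tool parent
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "command_line": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
                     r'/noconfig /fullpaths @"C:\Users\dev\AppData\Local\Temp\x.cmdline"',
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe"},
]

# --- Check 1: PowerShell adds Windows Defender exclusions -------------------
CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
VALUE = r"""(?:"[^"]*"|'[^']*'|[^\s,]+)"""          # one PowerShell argument token
VALUE_RE = re.compile(VALUE)
ARG_RE = re.compile(
    rf"(?i)-Exclusion(?P<kind>Path|Extension|Process|IpAddress)"
    rf"\s+(?P<vals>{VALUE}(?:\s*,\s*{VALUE})*)")      # single value or comma list


def defender_exclusions(script: str) -> dict:
    """Return {kind: [values]} for every exclusion an Add-/Set-MpPreference
    call in the script block adds; {} if the block adds none.
    Caveat: abbreviated parameter names (-ExclusionExt) and arguments built
    at runtime are not matched. ScriptBlock logging already decodes
    -EncodedCommand, but splatting or string concatenation needs extra handling."""
    if not CMDLET_RE.search(script):
        return {}
    found: dict = {}
    for m in ARG_RE.finditer(script):
        values = [v.strip("\"'") for v in VALUE_RE.findall(m.group("vals"))]
        found.setdefault(m.group("kind").lower(), []).extend(values)
    return found


# --- Check 2: .NET compiler started as a hollowing host ----------------------
DOTNET_COMPILERS = {"vbc.exe", "csc.exe"}
# Parents that legitimately spawn the compilers; assumed list, tune per environment.
DEV_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "w3wp.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _has_arguments(command_line: str) -> bool:
    """True if anything follows the executable token (quoted or bare)."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        rest = cl[end + 1:] if end != -1 else ""
    else:
        parts = cl.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return bool(rest.strip())


def hollowed_compiler_candidates(events) -> list:
    """A hollowing host is created suspended with a bare command line and then
    has its memory replaced; a real compile always passes sources or a
    response file. Flag compiler launches with no arguments from a parent
    that is not a build tool. Returns [(parent_basename, image_basename)]."""
    hits = []
    for e in events:
        if e.get("source") != "sysmon" or e.get("id") != 1:
            continue
        image, parent = _basename(e["image"]), _basename(e["parent_image"])
        if (image in DOTNET_COMPILERS and parent not in DEV_PARENTS
                and not _has_arguments(e["command_line"])):
            hits.append((parent, image))
    return hits


def triage(events) -> dict:
    """Run both checks over an event list and collect the hits."""
    exclusions = [defender_exclusions(e["script"]) for e in events
                  if e.get("source") == "powershell" and e.get("id") == 4104]
    return {"defender_exclusions": [x for x in exclusions if x],
            "hollowing": hollowed_compiler_candidates(events)}


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(key, value)
```

On the constructed events, the exclusion check reports the path, extension and process exclusions from the first script block and ignores the DisableRealtimeMonitoring call, which is a different tampering technique; the hollowing check flags vbc.exe launched with a bare command line by Statement of Account.exe and passes the MSBuild-driven compile. Both checks are triage heuristics: the DEV_PARENTS allowlist needs tuning for the environment, and the regex should be paired with a rule on the corresponding Defender operational-log event for exclusion changes rather than relied on alone.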

MITRE ATT&CK Enterprise v15

Tasks