Resubmissions

09-11-2024 17:20

241109-vwrrns1pdm 10

09-11-2024 14:21

241109-rnzkrswdpq 10

General

  • Target

    1c7787b9440e1831958e911d164064869f45e254a0a3cdc53d9ef70b1bfc7dd3

  • Size

    1.2MB

  • Sample

    241109-rnzkrswdpq

  • MD5

    d578645f073f91a510a5310727891da5

  • SHA1

    4d18aef7bbb41099f84544c1b44597912cf2365e

  • SHA256

    1c7787b9440e1831958e911d164064869f45e254a0a3cdc53d9ef70b1bfc7dd3

  • SHA512

    6aef4b711df2503215e4722f57eac2f986e4820fb52b5eff280ac6768a7b50a6acf6f8dda2bb455ef3f263a12864df57d9f005035f86b621ff7f44164b22b0ee

  • SSDEEP

    24576:RHd0Wk9/OG1xlMZH7coVjFCHrDKWmKWlIieiNx+7Ja1ZM4tHZSQwJj:R90Wk9WWlmbjWHKXnlIhirdDMOm

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oa09

Decoy

grit.careers

kingthaivegas.com

onwingirisleri.net

radio-jesus.com

forestfairiesnft.com

healthyintimatelifestyle.africa

karamoghanasti.africa

gqujtf.com

chaindenmark.com

netzerosemitechnologies.co.uk

kakekpecah1000.com

fiddler-foaled.click

adventurepsychologist.com

miletong.net

discounttirestoresinc.com

goldmanmediaent.com

entsorgunglangnau.ch

brezop.xyz

24-02-2022.site

artificialgrassminneapolis.com

Targets

    • Target

      FEDEX TRN 771893954554.exe

    • Size

      2.2MB

    • MD5

      22b365e10dd635468212251994b194bf

    • SHA1

      069d6d2395ec518d0156b6d02519d3b8e896e5b5

    • SHA256

      7f9b8fcc527d02e66b49d76ff52297d69dbf237a8dd4342fdf3f49a2189c67d0

    • SHA512

      fbb27e9c38a6f351edd756b00227c42b98bf08c89c1c85e3b74462a381b61e4347972f373327f540b5744ef661ed0c1b3072b188616d5a5950478720bddefb1b

    • SSDEEP

      24576:iB26eZ4fTPkhZ2PAG0pMn6+YZ8IOxSD68Q81Zr6kNefAd/YK2HzQX9Kub+YSgrBK:Zhhj+EbjDE81R6iY7O

    • Formbook

      Formbook is data-stealing malware (an information stealer).

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks