General

  • Target

    9b250f96c8e383893d2c2f0ae940312d86e6aec8d0e27aadd9087dce67d17c46.exe

  • Size

    1.0MB

  • Sample

    241114-db36jaxkar

  • MD5

    8fdc4e20705ad4f83474fd664ba6b627

  • SHA1

    29452d7daa56ceecf38fefb434ac78fadf494b3b

  • SHA256

    9b250f96c8e383893d2c2f0ae940312d86e6aec8d0e27aadd9087dce67d17c46

  • SHA512

    5aa6885ee2d16167ad65f5dabf45f78078f97f33aefcc2a9fe89eed6fd68b38eab07d8ac493c89f173f794c8e9aaf4edb09111c36f15a67244389bd752c70881

  • SSDEEP

    12288:Ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgad7ouhgE/f4SeKq6o6A:Ytb20pkaCqT5TBWgNQ7axoCA5N6o6A

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ge07

  • Decoy

    amyard.shop
    eloshost.xyz
    g18q11a.top
    orensic-vendor-735524320.click
    ithin-ksvodn.xyz
    xhyx.top
    elonix-traceglow.pro
    cillascrewedsedroth.cfd
    wner-nyquh.xyz
    reyhazeusa.shop
    esmellretaperetotal.cfd
    hqm-during.xyz
    pipagtxcorrelo.xyz
    lray-civil.xyz
    apybarameme.xyz
    rbuds.shop
    hild-fcudh.xyz
    rkgexg.top
    estwestcottwines.shop
    giyztm.xyz

Targets

    • Target

      9b250f96c8e383893d2c2f0ae940312d86e6aec8d0e27aadd9087dce67d17c46.exe

    • Size

      1.0MB

    • MD5

      8fdc4e20705ad4f83474fd664ba6b627

    • SHA1

      29452d7daa56ceecf38fefb434ac78fadf494b3b

    • SHA256

      9b250f96c8e383893d2c2f0ae940312d86e6aec8d0e27aadd9087dce67d17c46

    • SHA512

      5aa6885ee2d16167ad65f5dabf45f78078f97f33aefcc2a9fe89eed6fd68b38eab07d8ac493c89f173f794c8e9aaf4edb09111c36f15a67244389bd752c70881

    • SSDEEP

      12288:Ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgad7ouhgE/f4SeKq6o6A:Ytb20pkaCqT5TBWgNQ7axoCA5N6o6A

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks