General

  • Target

    1d7608383da2756b65cc19e91419acd47290ee520b76a760bb5089f1738a7778

  • Size

    694KB

  • Sample

    241115-stadhawflc

  • MD5

    ec40a248a16d96dc142dbb3790ca6975

  • SHA1

    87eaa2b463ecf0321eb2f82869dcfdc2cb780f46

  • SHA256

    1d7608383da2756b65cc19e91419acd47290ee520b76a760bb5089f1738a7778

  • SHA512

    6bbe02275246e09819a870f70c7adc22788885a2182d734561180dc5a6c08b6ff8f9483be8fbd3e5085da02554adde0d464aab4d8aa770fe08f4e19f2fcb718f

  • SSDEEP

    12288:qW3lK5SX0mH7vCJVMaeGr5m+ghXUoyFXwPOs3HI4PZe3Ue0W+c3w5cfnEyYEW:RvCJVM05m+ghyoOs3PPZLW/goEyzW

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn13

Decoy

5q53s.top

f9813.top

ysticsmoke.net

ignorysingeysquints.cfd

yncsignature.live

svp-their.xyz

outya.xyz

wlkflwef3sf2wf.top

etterjugfetkaril.cfd

p9eh2s99b5.top

400108iqlnnqi219.top

ynsu-condition.xyz

ndividual-bfiaen.xyz

anceibizamagazine.net

itrussips.live

orkcubefood.xyz

lindsandfurnishings.shop

ajwmid.top

pigramescentfeatous.shop

mbvcv56789.click

Targets

    • Target

      1d7608383da2756b65cc19e91419acd47290ee520b76a760bb5089f1738a7778

    • Size

      694KB

    • MD5

      ec40a248a16d96dc142dbb3790ca6975

    • SHA1

      87eaa2b463ecf0321eb2f82869dcfdc2cb780f46

    • SHA256

      1d7608383da2756b65cc19e91419acd47290ee520b76a760bb5089f1738a7778

    • SHA512

      6bbe02275246e09819a870f70c7adc22788885a2182d734561180dc5a6c08b6ff8f9483be8fbd3e5085da02554adde0d464aab4d8aa770fe08f4e19f2fcb718f

    • SSDEEP

      12288:qW3lK5SX0mH7vCJVMaeGr5m+ghXUoyFXwPOs3HI4PZe3Ue0W+c3w5cfnEyYEW:RvCJVM05m+ghyoOs3PPZLW/goEyzW

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks