General

  • Target

    fa757fd3c276a1110eb4d96c8176670442bbc49dffc354ff360f342166fb8a06.exe

  • Size

    513KB

  • Sample

    241122-npp6yawkap

  • MD5

    e78c6d36d0d96afb4ec79b2d75d72461

  • SHA1

    d9b0188f57e978f0cac81ca7a365a66a85c5144c

  • SHA256

    fa757fd3c276a1110eb4d96c8176670442bbc49dffc354ff360f342166fb8a06

  • SHA512

    8da5a4d2f6bfb78ddb693488f1dcd09188d7555bfac61833a6da5233a3df45d46875e8a9a9acf1b4100b1a70bd07a434c316e864c7c9e1ff07bc9f3a536e2ced

  • SSDEEP

    12288:UGeKvwZe/UrHaGfb6POd+rTpOSJMvMEB75:UGeKJcrH7/d+/BMv35

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    bs2l

  • Decoy


Targets

    • Target

      fa757fd3c276a1110eb4d96c8176670442bbc49dffc354ff360f342166fb8a06.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks