General

  • Target: 4a85bac71b81338df2e724c587995e231dfc0b32b004cfea253b8d94422cc4ba.exe
  • Size: 1.1MB
  • Sample: 241126-cw4gcsyrfw
  • MD5: b333b741b51e1fa861d44c2846939182
  • SHA1: 1fe1597be441315cb76e8bfddf97c2344a5d206a
  • SHA256: 4a85bac71b81338df2e724c587995e231dfc0b32b004cfea253b8d94422cc4ba
  • SHA512: c85f9f14342e6d49b9d43cf3475f91a5a54cfc4fb89397572027912f4c478b62e306ca0fa2a886e1c89e02c226583eb97eefc04fa45efa8f2d05086a12bf197c
  • SSDEEP: 24576:ctb20pkaCqT5TBWgNQ7a6Vjaab/dPQVW0hFdc6A:FVg5tQ7a6VeGV0WWFC5

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: ud04

Decoy
Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks