General

  • Target

    9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a.exe

  • Size

    648KB

  • Sample

    241204-dg4n9atnfq

  • MD5

    23c82ab652e622a3b359585df5588715

  • SHA1

    d5a7ee9c740354cd485b9660dfeed4090086290d

  • SHA256

    9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a

  • SHA512

    6cba277c64f2464b2389e7ebbbf9d8ee76e3094b9731824a622fd25eab02e00fdf31251798650d03680daac9c57a0520b592e2a67ca95b56dcbab31b5d569fce

  • SSDEEP

    12288:vIR4R52J+XtsZVtEppdfqnMLpJgSJCCsj8tYRHG2EnMXvxtZsIu6WIR:vIeezjaWop5JCAKm2su1shI

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    bs84

  • Decoy

    ehuatang.quest
    mart-healthcare.solutions
    arehouse-inventory-59593.bond
    rumpjokes.net
    oonlightshadow.store
    odernoob.website
    sdmedia.net
    0k21l6z.xyz
    kwovenart.shop
    chvb.bid
    06ks28.buzz
    grexvc.online
    unnycdn02.shop
    ettingitgonejunk.net
    lubmango.store
    ustjump.xyz
    ofiveuss.store
    aahasti-inter5.rest
    etclcg.business
    ai365.xyz

Targets

    • Target

      9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a.exe

    • Size

      648KB

    • MD5

      23c82ab652e622a3b359585df5588715

    • SHA1

      d5a7ee9c740354cd485b9660dfeed4090086290d

    • SHA256

      9d29cb978c64e5ad17d72e5cabac60c2e4871924c41a7dc0ccaadba7a428703a

    • SHA512

      6cba277c64f2464b2389e7ebbbf9d8ee76e3094b9731824a622fd25eab02e00fdf31251798650d03680daac9c57a0520b592e2a67ca95b56dcbab31b5d569fce

    • SSDEEP

      12288:vIR4R52J+XtsZVtEppdfqnMLpJgSJCCsj8tYRHG2EnMXvxtZsIu6WIR:vIeezjaWop5JCAKm2su1shI

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks