General

  • Target

    ae2734cb4074c909b5d1469c4901bfc03487342723505ef4c1adcb41d64e3917N.exe

  • Size

    550KB

  • Sample

    241204-xleqga1qap

  • MD5

    cb0b9fd1fdae008c92228b57f6c50a90

  • SHA1

    567cf2c5994f1485dc9d8808156fae39647649f0

  • SHA256

    ae2734cb4074c909b5d1469c4901bfc03487342723505ef4c1adcb41d64e3917

  • SHA512

    9585d5b2d9bb93d575facebd97b05818a14ba02c984158a80322c7e494ffaf6e559155b48e0ddb363c1cc5a99c85ae7c92f5ef77df93be046d65278de7d25726

  • SSDEEP

    12288:5MUgm/3dE/fGiCNGiTVTsdrE0V92fO/lk9onzNXxn2iv+:5M2//iCRSdrZV92f79onzNXEiv+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

giok

Decoy

royaltysplit.xyz

home-remodeling-32327.bond

ocosoap.download

mx51pbk5z3.top

sapidermen154.buzz

always23082025.info

jencodiahcp.net

psychologist-therapy-13104.bond

okigoods.online

posedon.online

ryclegalpartners.info

seek-zapatosenlinea-cl.info

xataa.info

vitalityyvault.online

hallice732.xyz

snspleak.info

ilbrentdigitalx.info

breast-implants-17988.bond

subedisaurav.site

instamoney.website

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Adds policy Run key to start application

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks