General

  • Target

    7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021.exe

  • Size

    28KB

  • Sample

    241207-dbe4psxqdn

  • MD5

    5ad176cf9482ccedc206fca269089b25

  • SHA1

    0b917af3c99023327127aa034d3904888029e2d3

  • SHA256

    7190badb11c14706725e06f01dd4dbbd34f82233d3d69f7bd302cfdb947f6021

  • SHA512

    9e9c68cd8467f5b08f514b2315025f9e863f66a2d5746f54b5d7d5df89e8b6e9c232bca3fbfedfd6450b2d1ccb37bbd630ea95c0c1bdd5150acd73fb0841d580

  • SSDEEP

    192:+YHwHj0yVgOOVinHuCN0Tv2m5g7EDum0KypCkCgS43IhS/rUO50biUU9H+v5mIAf:4AyrgCNkun7EZ3uBIhErX6mPeJACsxh

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o62s

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15