General

  • Target

    264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9.exe

  • Size

    756KB

  • Sample

    241211-cqtpza1mbx

  • MD5

    147579a97da0eca0d7710189aa127157

  • SHA1

    fe11ac8a0ddb01d39a5d2614686738d9c9e8a9ff

  • SHA256

    264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9

  • SHA512

    6fd90440b24d239c88ff8264f99b4c434a14b4e1d311579f42d6a0d681acc5e1d00ce593521a68efb168ef6ed7bcb71501a0e1afa6e5bceac4c5107de0d1ef1f

  • SSDEEP

    12288:dlMQIaLR0bwS1+ccfxuwdjXtm4DIpeIQt1Ct9qmLwy9EXX++S:NvV18xApjXtm0IpeICCt9VLwFO

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct27

Decoy

arehouse-inventory-22552.bond

lead.today

utomation-tools-36376.bond

uizdabarbie.shop

yedzio.xyz

riffinfamily.fun

lashsmm.store

estlumpia.shop

aki777id.best

ilmach.net

ome-care-25437.bond

i404.net

jacp.bid

he-broker.net

quick.biz

ynacloud.xyz

harmant-g.online

f85to5a2x.cyou

pdgkt.bid

at-removal-near-me-103.xyz

Targets

    • Target

      264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9.exe

    • Size

      756KB

    • MD5

      147579a97da0eca0d7710189aa127157

    • SHA1

      fe11ac8a0ddb01d39a5d2614686738d9c9e8a9ff

    • SHA256

      264363a6ad5f6720663cd201f8037f0c6f3bfda8216bb8f975e7df9fd9c699b9

    • SHA512

      6fd90440b24d239c88ff8264f99b4c434a14b4e1d311579f42d6a0d681acc5e1d00ce593521a68efb168ef6ed7bcb71501a0e1afa6e5bceac4c5107de0d1ef1f

    • SSDEEP

      12288:dlMQIaLR0bwS1+ccfxuwdjXtm4DIpeIQt1Ct9qmLwy9EXX++S:NvV18xApjXtm0IpeICCt9VLwFO

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks