General

  • Target

    c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73.exe

  • Size

    715KB

  • Sample

    241215-ekc65svpel

  • MD5

    303c96d28de2023a3358f8a1c4dca692

  • SHA1

    4fb8a0435be969803b11d4775d9026f692c64445

  • SHA256

    c1858ea28a880a9d789497986b541c29f79cb2d6de8aea568f09b309a7819c73

  • SHA512

    178e895c18b1afecfaa4bc10c259bd369485ed5ff03c96d0fdd36eb429e407bf57a0fb1b47268328cb9751982bdea69383b0f5be3af6a7c2738397b96d43b568

  • SSDEEP

    12288:ZC25usx+XtRIO/3YtvYwFA8wL6Ab5buKjGhKyPV0VlzYqrh+GkVc:LxyIFvULLpNyKj6KKVqhYqla

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bs84

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks