General

  • Target

    swift mt 1033.exe

  • Size

    743KB

  • Sample

    241219-h5jq7svpdp

  • MD5

    df300e93be84410e629996a8050e47b2

  • SHA1

    1ace59620fa5e6b7717a04ad28620e6a61191c80

  • SHA256

    36ac663aee997b4b8da3bd498abcbdb91ca180f7afe402ce8ab166099c098cbf

  • SHA512

    435302f901c1068288bf80e5726f3f9d0cbb4bfc6a3b489c7e3260698aa0b3e1707a203d3998b99ea183a21f3a1736eaa422fee358d88eb795647d665fa7b705

  • SSDEEP

    12288:w38f2uE1zDf5n7Dm1C8T7bl9JrUKrlR+v+Yyf39fiQyHWsUuAPM5Uf8f2:w3u2uO3B4Ck59ReyfN5kWtuAa4u2

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k49s

Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext
