General

  • Target

    8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73

  • Size

    1.1MB

  • Sample

    241224-z4ty8axqbl

  • MD5

    61b68ed859f55e970b3b4b49e6aa3890

  • SHA1

    0621ceca3448c427848777e383c9b9d9549fde21

  • SHA256

    8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73

  • SHA512

    1ead6f9dc9428d47aa9419dc6ba1c2f753806b93df893114e3baf06c067c78667b4ccb37af5554f626ddc84dd91ab21025346243df9cb6c9d34485b537b7a11f

  • SSDEEP

    24576:DxmdOBUO2GqbAq+zyFGbTgV/S9MLk2zP38rkwuX+au+H:lnq8qGoIgGck2roNuX++

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design

Targets

    • Target

      8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73

    • Size

      1.1MB

    • MD5

      61b68ed859f55e970b3b4b49e6aa3890

    • SHA1

      0621ceca3448c427848777e383c9b9d9549fde21

    • SHA256

      8447a77109db948caf2aeab8f22ecffb5fb15a83286c7894b0d9a06c48ed3e73

    • SHA512

      1ead6f9dc9428d47aa9419dc6ba1c2f753806b93df893114e3baf06c067c78667b4ccb37af5554f626ddc84dd91ab21025346243df9cb6c9d34485b537b7a11f

    • SSDEEP

      24576:DxmdOBUO2GqbAq+zyFGbTgV/S9MLk2zP38rkwuX+au+H:lnq8qGoIgGck2roNuX++

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook family

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks