General

  • Target

    Sigmanly_d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d

  • Size

    617KB

  • Sample

    250326-pcb9zs1zaz

  • MD5

    5d917b070d148e8c043a3df37d8d0d6f

  • SHA1

    75cd40a178208432228ce736a5c4eb35b2d89b44

  • SHA256

    d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d

  • SHA512

    cff6b80d91e5577aaf3194256006042db1397b473a1fbdc98337ff98dd1a553bbb920c8c3c663e24949b49d545ef1c39c4024fcdf0b5e5d9d52717bf01b43081

  • SSDEEP

    12288:qPFY/Bdue1pIemCBnH6h+/wfktcLkdseWQnYK7u4XFBbHovTY26:qPFG31XV0+/wfbkd37YK7u418TW

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

my18

Decoy

ladproductreviews.shop

ivor.online

odesfactory.xyz

shim.shop

elonyyoung.net

gac.online

zgtl.click

27652.locker

omelyrooms.online

ermanosu.online

offee-machine-19139.bond

91033.pro

ovedirectiveteam.info

tmsolcoinews.uno

lizz.finance

uyurbanaraava.shop

anufixo.xyz

ypercog.xyz

itblog.tech

reshdirectivesolutions.info
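
Formbook beacons to its real C2 and to the decoy domains carried in its configuration, so a proxy or DNS hit on any domain in the list above is worth triaging even though the report labels them all as decoys. As an added example (not part of the sandbox report, and not tooling from the sandbox vendor), the Python below matches the extracted list against constructed proxy log lines. Matching is label-aware: `www.ermanosu.online` matches `ermanosu.online`, but `notladproductreviews.shop` does not match `ladproductreviews.shop`. The log format, client addresses and timestamps are invented for the example.

```python
from urllib.parse import urlsplit

# Decoy domains exactly as extracted in the report above.
DECOY_DOMAINS = [
    "ladproductreviews.shop", "ivor.online", "odesfactory.xyz", "shim.shop",
    "elonyyoung.net", "gac.online", "zgtl.click", "27652.locker",
    "omelyrooms.online", "ermanosu.online", "offee-machine-19139.bond",
    "91033.pro", "ovedirectiveteam.info", "tmsolcoinews.uno", "lizz.finance",
    "uyurbanaraava.shop", "anufixo.xyz", "ypercog.xyz", "itblog.tech",
    "reshdirectivesolutions.info",
]

# Constructed proxy log lines (not real traffic, not from the report):
# "<timestamp> <client> <method> <url> <status>" per line.
SAMPLE_PROXY_LOG = """\
2025-03-26T14:02:11Z 10.0.0.21 POST http://www.ermanosu.online/ 200
2025-03-26T14:02:13Z 10.0.0.21 GET http://zgtl.click/?q=1 404
2025-03-26T14:02:15Z 10.0.0.21 GET http://ladproductreviews.shop:8080/ 200
2025-03-26T14:03:00Z 10.0.0.33 GET https://example.com/ 200
2025-03-26T14:03:05Z 10.0.0.33 GET https://notladproductreviews.shop/ 200
"""


def host_of(url):
    """Hostname of a URL, lower-cased, with port and trailing dot removed."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def matches_indicator(host, indicator):
    """True if host is the indicator domain itself or a subdomain of it.

    The "." boundary is what keeps notladproductreviews.shop from matching
    ladproductreviews.shop while still catching www.<decoy>.
    """
    indicator = indicator.lower()
    return host == indicator or host.endswith("." + indicator)


def hunt(log_text, indicators=DECOY_DOMAINS):
    """Return (client, host, matched_indicator) for every line that hit an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:          # skip malformed lines rather than crash
            continue
        _ts, client, _method, url, _status = parts[:5]
        host = host_of(url)
        for indicator in indicators:
            if matches_indicator(host, indicator):
                hits.append((client, host, indicator))
                break
    return hits


def hosts_by_client(hits):
    """Group matched hosts per client so one infected machine shows up once."""
    grouped = {}
    for client, host, _indicator in hits:
        grouped.setdefault(client, set()).add(host)
    return grouped


if __name__ == "__main__":
    for client, hosts in hosts_by_client(hunt(SAMPLE_PROXY_LOG)).items():
        print(client, sorted(hosts))
```

A client that contacts several of these domains in a short window is the typical Formbook pattern; a single hit on one domain with a 404 still deserves a look at the process that made the request.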

Targets

    • Target

      Sigmanly_d8c0f4739b6a46ee8c46a6af4622158b9a866b6eabd1dd6a88228856520b714d

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers, mail and FTP clients, logs keystrokes and clipboard contents, takes screenshots, and exfiltrates over HTTP to a C2 server hidden among decoy domains such as those listed above.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths, and processes (typically via Add-MpPreference with -ExclusionExtension, -ExclusionPath and -ExclusionProcess), so that the dropped payload and its host process are not scanned.

    • Checks computer location settings

      Reads the country code configured in the registry, likely to geofence execution (run or exit depending on the victim's locale).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; applied to a suspended thread it redirects execution into attacker-supplied code, a common step in process hollowing and other injection techniques used to run the payload inside a legitimate process.
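
The PowerShell signature above fires on Defender exclusion tampering. The Python below is an added example, not part of the sandbox report and not the sample's own command line: it runs detection logic over a few constructed Windows event texts, a PowerShell script block log entry (Event ID 4104, which requires script block logging to be enabled) and the Defender configuration-change entry (Event ID 5007) that an exclusion write produces, and pulls out the excluded paths, extensions and processes. The cmdlet names and the Exclusions\Paths, Exclusions\Extensions and Exclusions\Processes registry subkeys are real; the log texts, paths and values are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not from the report): one 4104 script block in
# the style the signature describes, the 5007 change it causes, and two
# benign events that must not fire.
SAMPLE_EVENTS = [
    {"event_id": 4104,
     "text": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
             "-ExclusionExtension exe -ExclusionProcess \"powershell.exe\""},
    {"event_id": 5007,
     "text": "Microsoft Defender Antivirus Configuration has changed. "
             "Old value: New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
             "\\Exclusions\\Paths\\C:\\Users\\Public\\ = 0x0"},
    {"event_id": 4104, "text": "Get-MpPreference | Select-Object ExclusionPath"},
    {"event_id": 5007,
     "text": "Microsoft Defender Antivirus Configuration has changed. "
             "Old value: New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
             "\\Real-Time Protection\\DisableRealtimeMonitoring = 0x0"},
]


@dataclass(frozen=True)
class Finding:
    source: str   # "4104" (script block) or "5007" (Defender config change)
    kind: str     # "path", "extension" or "process"
    value: str    # the excluded path, extension or process name


# Only Add-/Set-MpPreference change exclusions; Get-MpPreference is benign.
_MPPREF = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# -ExclusionPath 'x', -ExclusionExtension "x" or a bare -ExclusionProcess x
_CMDLET_PARAM = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:'([^']*)'|\"([^\"]*)\"|([^\s,'\"]+))",
    re.IGNORECASE)
# Defender persists exclusions under these subkeys; 5007 quotes the full key.
_REG_EXCL = re.compile(
    r"\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x", re.IGNORECASE)
_KIND = {"paths": "path", "extensions": "extension", "processes": "process"}


def scan_script_block(text):
    """Findings from a 4104 script block: exclusion parameters of *-MpPreference."""
    if not _MPPREF.search(text):
        return []
    findings = []
    for m in _CMDLET_PARAM.finditer(text):
        value = next(v for v in m.groups()[1:] if v is not None)
        findings.append(Finding("4104", m.group(1).lower(), value))
    return findings


def scan_defender_change(text):
    """Findings from a 5007 message: exclusion registry keys in the new value."""
    return [Finding("5007", _KIND[m.group(1).lower()], m.group(2).rstrip("\\"))
            for m in _REG_EXCL.finditer(text)]


def scan_events(events):
    """Route each event to the matching scanner and collect all findings."""
    findings = []
    for event in events:
        if event["event_id"] == 4104:
            findings.extend(scan_script_block(event["text"]))
        elif event["event_id"] == 5007:
            findings.extend(scan_defender_change(event["text"]))
    return findings


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Defender writes 5007 regardless of PowerShell logging, so that path also catches the same change made through Set-MpPreference, WMI or a direct registry write; in an investigation, correlate the excluded path with where the sample dropped its payload.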

MITRE ATT&CK Enterprise v15
