General

  • Target: 16a2b3061782b0036be569ceed52e9e9
  • Size: 646KB
  • Sample: 250701-f76bwa1tgw
  • MD5: 16a2b3061782b0036be569ceed52e9e9
  • SHA1: e6d3c63fc774ae4c5fc63250e93f74a010b854a8
  • SHA256: f885bec399f4f6b5fb2715ad04fab2e7c7c39f9b47c8ed00fdecacc15d50fd63
  • SHA512: dc727ab8d1e2ca09031e9cf088476b1e4b40fa1397bbafb688f3bc2eb789eb9c34568131f9ce45afc16884930b2f15ffac9a2aee2fcdf437c4d6d22ff1679cc1
  • SSDEEP: 12288:hpyilzab9q3TTOkMKaIbLpKqRrc45tgY5cGCugmug50n7vseRo16imrs:Hyilzah4tbNKqJcWgscGCuFBkoeRO6

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: k15k
  • Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks