General

  • Target: rl_2e5525cdd195bdd98dec03232b881f204c9076cd73bb8acd92ca03fe22ea9527
  • Size: 1.1MB
  • Sample: 250701-jz97mstk12
  • MD5: 6a4b1e526f4546e81a6af3a68517d82b
  • SHA1: f9e8dd21efca8f96857175dee5e2c9eb443502f8
  • SHA256: 2e5525cdd195bdd98dec03232b881f204c9076cd73bb8acd92ca03fe22ea9527
  • SHA512: 542673974c7ae628d248d2b7335bd7784ef2808b5bd9dafb12b3fa549f961861516e24a4cd36f96191db8a903791aebcfabf9dc9fc8b515a00b09bde357a2348
  • SSDEEP: 24576:S5EmXFtKaL4/oFe5T9yyXYfP1ijXdaObqr4sCxJa:SPVt/LZeJbInQRaOwZq

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: le23
  • Decoy:


Targets


    • Formbook

      Formbook is data-stealing malware.

    • Formbook family

    • Formbook payload

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks