General

  • Target: RRW9901200241.exe
  • Size: 325KB
  • Sample: 210113-g37dqjny3n
  • MD5: 61ffb4ad4721f51413075923b2e9468d
  • SHA1: aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
  • SHA256: 546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
  • SHA512: fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.unitvn.com/krc/
  • Decoy domains:
      grayfoxden.com
      drupadhyayashomoeopathy.com
      coordinatedcare-ok.com
      the-legend-update3.com
      remoteworkoffer.com
      r3dprojects.com
      banhuaihangschool.com
      7852bigbucktrail.info
      villagepizzafloralpark.com
      sgtradingusa.com
      evolvestephanieperreault.com
      timelessbeautylessons.com
      monkeytrivia.com
      bsf.xyz
      canda.design
      recetasnutribullet.com
      olenfex.com
      catatan-matematika.com
      roeltecnologiadigital.com
      jutoxnatural.com

Targets

    • Target: RRW9901200241.exe
    • Size: 325KB
    • MD5: 61ffb4ad4721f51413075923b2e9468d
    • SHA1: aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
    • SHA256: 546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
    • SHA512: fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

    • Formbook: Formbook is a data-stealing malware family (information stealer).
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks