General

  • Target: 6f111b596da1ac7d71c4362b18309648
  • Size: 214KB
  • Sample: 220505-gnk29sfcd5
  • MD5: 6f111b596da1ac7d71c4362b18309648
  • SHA1: e09f8065342a4c8664148bec4b0d9265e7e5842a
  • SHA256: 285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96
  • SHA512: f3e1c725d4c0916a4856af17e272791f056595399e9970c58a4156fbd262e761b50b511cc422e41becfa86493f6248480f855df6718eeaac904d53e1ec8f1e88

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: m0d4
  • Decoy:


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery (1): System Information Discovery, T1082

Tasks