General

  • Target

    Additional DHL shipment Delivery Parcel.ace

  • Size

    364KB

  • Sample

    210228-r85k3y25nx

  • MD5

    6d93819a996be958f914c0a948c93036

  • SHA1

    abc423b47e60daacfd8345c2b16632c4170b3231

  • SHA256

    93f14543437ad1857e137e828f39022daa65cad654a95be9569d53eb0d89af3c

  • SHA512

    1dd236dfef1158645f336415fd3ec3d5619bdc81b4b9a176f838c62b0380de96178b4bde1395726b0dc0accda22582a0f0b42a86475c337f1994700d672333f7

Malware Config

Extracted

Family

formbook

C2

http://www.webperb.com/nehc/

Decoy


Targets

    • Target

      Additional DHL shipment Delivery Parcel.exe

    • Size

      510KB

    • MD5

      b2fd9aab2f1597f74abda918ddc52f89

    • SHA1

      acdf16e4c3a8e0428f7cf1934fdcfe0731b2fc28

    • SHA256

      b5ac8902c4d239f5f72366876e99a586d3aaafe45c9a9e098c8ded9a2db7615c

    • SHA512

      3297c94b09f6845905f621020821c0ae05a95a0c4e96436f57460aeae5786e7be3acf1d159a0b2282636e2d765715d8d4242be80cfa549fa5d301d05baa175ff

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
