General

  • Target

    pending orders0308 D2101002610 pdf.7z

  • Size

    686KB

  • Sample

    210421-mq6nv98lvs

  • MD5

    7d9224e610eab56f6a2276a8f31f8cc7

  • SHA1

    77919ef68e5247483816a1b1a1a030f537ce54f1

  • SHA256

    c76e376abdeb8103dc00f7c3b68cdf6a685cc5578269b83edc249fa0693cb973

  • SHA512

    8a8d0db415cddc6f3cc06fe63e0bf800fa4c4bcb7822cbf761dca20bea7201ebcfbed896defde118f02149273ee55a3ceb43d44ffa3b2557bd2ba11925bcfc83

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.gloomyca.com/chue/

  • Decoy

    hairdewproducts.com
    whssboys.net
    visual-promotions.com
    alsgotyaexteriorcleaning.com
    conwayconsultant.com
    sjlartistrydesign.info
    organicroomservice.com
    elatedscents.com
    selfauthering.com
    variablemonsters.com
    thedietcop.com
    openhouseshamptonroads.com
    tyrantthemes.com
    trumppowercatamarans.com
    yznx.xyz
    jshfoodpantry.com
    larmealoeil.com
    biztradelines.com
    axawinterthur.sucks
    inspiredtravels.net

Targets

    • Target

      pending orders0308 D2101002610 pdf.exe

    • Size

      1.0MB

    • MD5

      346fb2689c7f90207ce5df0b60be8b14

    • SHA1

      3eee0df26d21393485821a95c2beffc8797d090b

    • SHA256

      6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a

    • SHA512

      9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8

    • Formbook

      Formbook is a data-stealing (information stealer) malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Command-Line Interface (T1059): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks