pending orders0308 D2101002610 pdf.7z

General
Target

pending orders0308 D2101002610 pdf.7z

Size

686KB

Sample

210421-wq29skxmy2

Score
10/10
MD5

7d9224e610eab56f6a2276a8f31f8cc7

SHA1

77919ef68e5247483816a1b1a1a030f537ce54f1

SHA256

c76e376abdeb8103dc00f7c3b68cdf6a685cc5578269b83edc249fa0693cb973

SHA512

8a8d0db415cddc6f3cc06fe63e0bf800fa4c4bcb7822cbf761dca20bea7201ebcfbed896defde118f02149273ee55a3ceb43d44ffa3b2557bd2ba11925bcfc83

Malware Config

Extracted

Family formbook
Version 4.1
C2

http://www.gloomyca.com/chue/

Decoy

Targets
Target

pending orders0308 D2101002610 pdf.exe

MD5

346fb2689c7f90207ce5df0b60be8b14

Filesize

1MB

Score
10/10
SHA1

3eee0df26d21393485821a95c2beffc8797d090b

SHA256

6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a

SHA512

9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware (infostealer).

  • Formbook Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System
    Credentials in Files
  • Suspicious use of SetThreadContext