General

  • Target

    _PAYMENT COPY PDF.7Z

  • Size

    685KB

  • Sample

    210423-1bw8bxl94j

  • MD5

    9e7f2dd645524d5e85544210ebaccac7

  • SHA1

    a221b4d9a680c487d31936d5a19f058d37a301b6

  • SHA256

    62496f422fef86419768d4ef36a3a8849eb043f20ebd9a750a694509d76da4f6

  • SHA512

    8814f99193aeaf8fac9b68f96a42def178feece53b37606355ae3941a59337883cc78df5930f2a36b70c08904059d2942e320ed227c3eb6615e9fae0a48aa881

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.the-techs.info/chue/

  • Decoy


Targets

    • Target

      PAYMENT COPY PDF.exe

    • Size

      886KB

    • MD5

      5fc2fc6fc06699743437326861f6f6f5

    • SHA1

      66466f85133f488d1caf2cda0bd337d7b5c3521a

    • SHA256

      4bb03ac06147c50ff9a8248d92e97dabb2cc58c6ffc70448018f3138dcc652b7

    • SHA512

      97db9fca3a99dbfd82fb1b81de4e5213aef785ec7334347d45e97d834b00437593a248b0b52fd78ae804220c08e8cbb61cb10233471da1f6499c13df22759041

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Command-Line Interface (T1059): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks