General

  • Target

    Purchase Order #330716o.exe

  • Size

    704KB

  • Sample

    210508-ytpmrylrbe

  • MD5

    96b356e875a0578b468ae325279bbbdf

  • SHA1

    6f3ab69ca49850f49a8b67a76c7788e9988868f1

  • SHA256

    cb44a6f7264ae4707ae8b0db82d0f62766f996f7bd37586401e11e5bccb30bd7

  • SHA512

    de07bdc4e658c76da605f9fa45e22844b01f81bc9ec893d2e8cef44fe419b986527c49f6b7fb27a5dad7f2118d07ae3dbfc74c8791dc0b4745041852450086dd

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.itoatoapparel.com/hfg/

  • Decoy

    0nqcaw.com
    seamtube.com
    chinachongren.com
    shop-deinen-deal.com
    socialmediabutler.net
    careerenabler.net
    trumpmasksshop.com
    theopulencegroups.com
    meshfacilities.com
    sedaifu.com
    ahesitanttraveler.com
    xn--nbkvf9b5bzfx438ch6sa.com
    iqrafootwearbd.com
    akurasushinewyorkny.com
    paginasny.com
    www7shire.com
    frenchyoutlet.com
    lw14.com
    nmdetransports.net
    advjuniorconsultoria.com
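
The extracted config above carries one live C2 URL and twenty decoy domains. Formbook sends beacon-like requests to some of the decoys alongside the real C2 so that the genuine server does not stand out in a capture, and the decoys are typically unrelated legitimate sites, so a single decoy contact is a weak indicator on its own. The script below is an added example, not code from the sandbox report: it runs the indicators from this config over proxy log lines, treats a request to the C2 host and path as a confirmed hit, and treats a burst of distinct decoy contacts or a bare visit to the C2 domain as merely suspicious. The log line format, the sample log, the client IP addresses and the DECOY_THRESHOLD value are all constructed for illustration.

```python
"""Match proxy log lines against the Formbook config extracted above.

Added example, not code from the sandbox report.  The indicators come from
the report; the log format and sample lines are constructed for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the extracted config (real C2 URL plus decoy domains).
C2_URL = "http://www.itoatoapparel.com/hfg/"
DECOY_DOMAINS = {
    "0nqcaw.com", "seamtube.com", "chinachongren.com", "shop-deinen-deal.com",
    "socialmediabutler.net", "careerenabler.net", "trumpmasksshop.com",
    "theopulencegroups.com", "meshfacilities.com", "sedaifu.com",
    "ahesitanttraveler.com", "xn--nbkvf9b5bzfx438ch6sa.com", "iqrafootwearbd.com",
    "akurasushinewyorkny.com", "paginasny.com", "www7shire.com", "frenchyoutlet.com",
    "lw14.com", "nmdetransports.net", "advjuniorconsultoria.com",
}
# Assumed threshold: a client touching this many distinct decoys is worth a look.
DECOY_THRESHOLD = 3

_c2 = urlsplit(C2_URL)
C2_HOST, C2_PATH = _c2.hostname, _c2.path


def domain_matches(host, domain):
    """True if host equals domain or is a subdomain of it (www.x.com -> x.com)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Classify one requested URL as c2, c2-host, decoy or clean."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "clean"
    if host == C2_HOST:
        # The beacon is host plus path; the bare domain may be an ordinary
        # (possibly compromised) site, so a root visit is only a weak signal.
        return "c2" if parts.path.startswith(C2_PATH) else "c2-host"
    if any(domain_matches(host, d) for d in DECOY_DOMAINS):
        return "decoy"
    return "clean"


# Constructed log format (assumption): "<timestamp> <client-ip> <method> <url>".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def analyze(log_text):
    """Return ({client: verdict}, {client: hit details}) for a proxy log."""
    per_src = defaultdict(lambda: {"c2": [], "c2_host": [], "decoys": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["url"])
        rec = per_src[m["src"]]
        if kind == "c2":
            rec["c2"].append(m["url"])
        elif kind == "c2-host":
            rec["c2_host"].append(m["url"])
        elif kind == "decoy":
            rec["decoys"].add(urlsplit(m["url"]).hostname.lower())
    verdicts = {}
    for src, rec in per_src.items():
        if rec["c2"]:
            verdicts[src] = "confirmed"
        elif rec["c2_host"] or len(rec["decoys"]) >= DECOY_THRESHOLD:
            verdicts[src] = "suspicious"
        else:
            verdicts[src] = "clean"
    return verdicts, dict(per_src)


# Constructed sample log (not from the report): one infected client, one client
# browsing three decoy sites, one client visiting a single decoy, and one client
# hitting the C2 domain root without the beacon path.
SAMPLE_LOG = """\
2021-05-08T10:01:02Z 10.0.0.15 POST http://www.itoatoapparel.com/hfg/
2021-05-08T10:01:03Z 10.0.0.15 POST http://www.seamtube.com/hfg/
2021-05-08T10:01:03Z 10.0.0.15 POST http://www.lw14.com/hfg/
2021-05-08T10:02:10Z 10.0.0.22 GET http://www.seamtube.com/
2021-05-08T10:03:11Z 10.0.0.22 GET http://www.paginasny.com/
2021-05-08T10:04:12Z 10.0.0.22 GET http://www.sedaifu.com/
2021-05-08T10:05:00Z 10.0.0.31 GET http://www.seamtube.com/
2021-05-08T10:05:01Z 10.0.0.31 GET https://www.example.com/
2021-05-08T10:06:00Z 10.0.0.40 GET http://www.itoatoapparel.com/
"""

if __name__ == "__main__":
    verdicts, details = analyze(SAMPLE_LOG)
    for src in sorted(verdicts):
        print(src, verdicts[src], sorted(details[src]["decoys"]))
```

Only the C2 host together with the `/hfg/` path is treated as a confirmed beacon; the decoy list is deliberately kept at "suspicious" because blocking or alerting on those domains individually would mostly catch ordinary browsing. Adjust DECOY_THRESHOLD to the noise level of the environment being monitored.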

Targets

    • Target

      Purchase Order #330716o.exe


    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It injects itself into other processes and harvests browser and mail-client credentials, keystrokes, clipboard contents and screenshots, which it exfiltrates to its C2 over HTTP.

    • Formbook Payload

    • Deletes itself

      The dropper removes its own executable once the payload is running, a basic anti-forensics step.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state to redirect its execution, the step that process hollowing and similar injection techniques use to run the payload inside a legitimate process.
