General

  • Target

    Orden specifications_pdf.exe

  • Size

    253KB

  • Sample

    210924-remjvahbej

  • MD5

    c95fe63506ee881dc52a785afa1afd59

  • SHA1

    f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d

  • SHA256

    cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753

  • SHA512

    9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      Orden specifications_pdf.exe

    • Size

      253KB

    • MD5

      c95fe63506ee881dc52a785afa1afd59

    • SHA1

      f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d

    • SHA256

      cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753

    • SHA512

      9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40

    • Formbook

      Formbook is a data-stealing malware (an information stealer).

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (1): T1082

Tasks