General

  • Target

    Orden 01000902.rar

  • Size

    240KB

  • Sample

    210924-xw6a6shgd3

  • MD5

    6299fbf53be5152b592546e5f48c7b5c

  • SHA1

    b19582d11945d5f510c02c6a2c69d90775ed94f0

  • SHA256

    d9461e44f7e733f57fe3b98291531b4e506978b8a511d265c95d1d7715b3159b

  • SHA512

    8db9e085708a1cb21eaf03df36ff9733085eeb2a410967e14526715d48945ee11dbc7f751068aa2464fb0cda7ecddac3033175c2a59807ebb107366b29a6c54e

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    dn7r

  • C2

    http://www.yourherogarden.net/dn7r/

  • Decoy

    eventphotographerdfw.com
    thehalalcoinstaking.com
    philipfaziofineart.com
    intercoh.com
    gaiaseyephotography.com
    chatbotforrealestate.com
    lovelancemg.com
    marlieskasberger.com
    elcongoenespanol.info
    lepirecredit.com
    distribution-concept.com
    e99game.com
    exit11festival.com
    twodollartoothbrushclub.com
    cocktailsandlawn.com
    performimprove.network
    24horas-telefono-11840.com
    cosmossify.com
    kellenleote.com
    perovskite.energy

Targets

    • Target

      Orden specifications_pdf.exe

    • Size

      253KB

    • MD5

      c95fe63506ee881dc52a785afa1afd59

    • SHA1

      f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d

    • SHA256

      cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753

    • SHA512

      9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40

    • Formbook

      Formbook is a data-stealing (information-stealer) malware family.

    • Formbook Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1

Tasks