General

  • Target

    avis 20036992762.zip

  • Size

    241KB

  • Sample

    211008-3gt79afabj

  • MD5

    b56bdb44f4ef4f965ff3d702400a8785

  • SHA1

    60cbd61058a1da99292a81aa6053e25aa258365c

  • SHA256

    70e8d7935728726e3f9eb5ca3b2000a8d6a3f6b79cf85453dbd7abce72447e98

  • SHA512

    e5e1bed4f56107d44e2f4bc67069cbbe571ae13072dba7a5995e4b704a2b616c5f06f5f97571ecc6dcdd7e429453a599a7f5be14e1606f24c577507235d4f49a

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com
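The extracted configuration above is the most directly actionable part of the report: one real C2 (the `rv9n` campaign path on cjspizza.net) surrounded by decoy domains that the sample also contacts. The following added example, which is not part of the sandbox report, turns those indicators into a proxy-log check. The log format (timestamp, client, method, URL) and the log lines themselves are constructed for illustration; the rule that an unknown host under the same `/rv9n/` path is suspicious is an assumption based on the campaign id appearing in the C2 path, not something the report states.

```python
"""Check proxy-style logs against the FormBook config extracted above (added example)."""
from urllib.parse import urlparse

# Indicators copied from the report's extracted config.
C2_URL = "http://www.cjspizza.net/rv9n/"
DECOYS = {
    "olivia-grace.show", "zhuwww.com", "keiretsu.xyz", "olidnh.space",
    "searuleansec.com", "2fastrepair.com", "brooklynmetalroof.com", "scodol.com",
    "novaprint.pro", "the-loaner.com", "nextroundscap.com", "zbwlggs.com",
    "internetautodealer.com", "xn--tornrealestate-ekb.com", "yunjiuhuo.com",
    "skandinaviskakryptobanken.com", "coxivarag.rest", "ophthalmologylab.com",
    "zzzzgjcdbqnn98.net", "doeful.com",
}


def registered_domain(host):
    """Normalise a hostname for comparison. Assumption: only a leading
    'www.' is stripped; no public-suffix handling is attempted."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = registered_domain(urlparse(C2_URL).hostname)  # cjspizza.net
C2_PATH = urlparse(C2_URL).path                          # /rv9n/


def classify(url):
    """Return 'c2', 'decoy', 'campaign-path' or None for one request URL.

    'campaign-path' is the low-confidence bucket: the host is not in the
    config but the request uses the same campaign path (assumption)."""
    parsed = urlparse(url)
    host = registered_domain(parsed.hostname)
    if host == C2_HOST:
        return "c2"
    if host in DECOYS:
        return "decoy"
    if parsed.path.startswith(C2_PATH):
        return "campaign-path"
    return None


def scan(log_text):
    """Yield (client, verdict, url) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:          # skip blank or malformed lines
            continue
        _ts, client, _method, url = parts[:4]
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict, url))
    return hits


def infected_clients(log_text):
    """Clients that reached the real C2 or any decoy. Decoy contact counts:
    the malware generates that traffic too, so the host is still infected."""
    return {client for client, verdict, _ in scan(log_text)
            if verdict in ("c2", "decoy")}


# Constructed sample log, hypothetical format: <ts> <client> <method> <url>.
SAMPLE_LOG = """\
2021-10-08T12:00:01Z 10.0.0.5 GET http://www.cjspizza.net/rv9n/?q=constructed
2021-10-08T12:00:03Z 10.0.0.5 GET http://www.zhuwww.com/rv9n/?q=constructed
2021-10-08T12:00:05Z 10.0.0.7 GET http://www.example.org/index.html
2021-10-08T12:00:09Z 10.0.0.9 POST http://www.keiretsu.xyz/rv9n/
2021-10-08T12:00:11Z 10.0.0.5 GET http://cdn.unrelated.test/rv9n/x
"""

if __name__ == "__main__":
    for client, verdict, url in scan(SAMPLE_LOG):
        print(f"{verdict:14} {client:10} {url}")
    print("infected:", sorted(infected_clients(SAMPLE_LOG)))
```

Only the `c2` verdict identifies the operator's real infrastructure; the decoy and campaign-path hits are there so that a host whose real check-in was missed or rotated is still flagged.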

Targets

    • Target

      yutrre123.exe

    • Size

      254KB

    • MD5

      7f0a0bc19a6da99c8ab7f8f77a1a6a59

    • SHA1

      0d961900905b134eca222792806e63bd7a43cfa3

    • SHA256

      f840ca48e6381b385534156b8245c39dee4d1c95e18569c91b5537ff2f20aa7d

    • SHA512

      59a7274d661cc22fff771a5e2c2eb6bf04fdf4caa9d70a034e15bbdc0b5071d3c769ab0967c705bc457c78e6a1d11f6b6f8a7a34282b48c0bdd6d3723e3485a4

    • Formbook

      Formbook is an information-stealing malware that harvests credentials, keystrokes, clipboard contents and web-form data from the infected host and reports them to its C2.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic       Technique                       Count   ID
Execution    Command-Line Interface          1       T1059
Discovery    System Information Discovery    2       T1082

Tasks