General

  • Target

    PO 09980.7z

  • Size

    337KB

  • Sample

    211014-j9pcxsgehj

  • MD5

    65e76ae9f711640ad4b14b4032c77bed

  • SHA1

    0362db3795a1aa8533db56ec582776d8fc454b91

  • SHA256

    1bc18c93db3e4a7aa6be09da21bff8ef310590a31e3d66e0e4dce94a546cdc9c

  • SHA512

    01e84784fc00d4db6664b2e24cb8fbfccaf5e671d43c23b2fed5469a70a410632471219c26b39f1c9dc5d65c35876948c45c72e18cfb4803f1ebc11fe6e81e83

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      New Order 09980.exe

    • Size

      451KB

    • MD5

      6387893aceaabeda2d1ab2eb5d902057

    • SHA1

      1f8e30bf14f877fd200673e01cf53c45bb811fba

    • SHA256

      05492398a92bdb980442a4893b4db7f34e440ba791653c1bd232a7d8a6577372

    • SHA512

      bbfa58964f56e52e8edcfcc830c14da96d9532cac670f57d75d1d9699ac2bacc82be2d74571bc574546d522ea88479b9d6b7113e6cfe1a2f32b6681a4ba51bd7

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082), 1 match

Tasks