General

  • Target

    comandă de achiziție pdf.exe

  • Size

    409KB

  • Sample

    220127-qcn48adee2

  • MD5

    6d1c90c44010cfd2f785c5d415a5cd18

  • SHA1

    37a88f4f80b5e8e4345eefbbb9f2b23df08de18a

  • SHA256

    3d28df7c5fa301b4e6d80f4bbc9dfa70bec762ca5ef085bcc8373b4b359b177f

  • SHA512

    ace2fe025f112cf2bff848f5c6e8709b6db239d919d1b3ae0c63edcc2cdbe4ea941f7d2012e99d50ef80df36c36d630bc709ea8f59672416bffacbca6d09d32c

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

Targets

    • Target

      comandă de achiziție pdf.exe

    • Size

      409KB

    • MD5

      6d1c90c44010cfd2f785c5d415a5cd18

    • SHA1

      37a88f4f80b5e8e4345eefbbb9f2b23df08de18a

    • SHA256

      3d28df7c5fa301b4e6d80f4bbc9dfa70bec762ca5ef085bcc8373b4b359b177f

    • SHA512

      ace2fe025f112cf2bff848f5c6e8709b6db239d919d1b3ae0c63edcc2cdbe4ea941f7d2012e99d50ef80df36c36d630bc709ea8f59672416bffacbca6d09d32c

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks