General

  • Target

    DHL-Official-Returned Document_Details & Forms for shipment_Monday_03_10.exe

  • Size

    439KB

  • Sample

    221003-jzzqxafhen

  • MD5

    4bdca6f10a1373637dd801a75fc1f81c

  • SHA1

    3e1c99df19444b2441add587488d08d104b1f0ce

  • SHA256

    c4d1c39814d1e2d2aff5e0bd608585c6ff9c932c3480d73eb30310cf3c4be029

  • SHA512

    ef265050be955af1cb9ad3f811135c4c47c95ed1f1ca6f8aaa1ec2940452d53c1e923a85c38a5bca9efe402782c85e4e7e992acacfac02b2bff23559dd69d9aa

  • SSDEEP

    6144:1wdzgWHDaQSfwCnF3a44NPaQkodOEisSAv++Ki:AtsfJ3kaQlOEijw8

Malware Config

Extracted

Family

formbook

Campaign

sfku

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family (infostealer).

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6