General

  • Target: DHL Consignment Details_pdf.exe
  • Size: 814KB
  • Sample: 221128-trm29agc44
  • MD5: 4b0aae802eb153655ab48663ac2ba56e
  • SHA1: 58586704ac109833b18aa30118cb7e44964f73dc
  • SHA256: bf7e149d1f9261676dcfd400ee235372b01f64302efc5be2eb053308e1203d73
  • SHA512: 92fea6e2d5bb331241963b8de46996df87be991f88e2a24cb38fae71d82e7ed1c9b0a19a2bddddd11256dd671c442ffbc9e7a54ee3f243a0f6d5ab01f7b9d199
  • SSDEEP: 12288:4K7dB+Xx8eIg95lMJk50vEQ8K0FWfK/2FzmEvB1m7KTHRyoY:aIgvyJrvEQ8NFWFCGfmOjRpY

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: j17j
  • Decoy:

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
