General

  • Target

    img1100020222911pdf.exe

  • Size

    228KB

  • Sample

    221130-rj5k8agc96

  • MD5

    d74737867056221a34fb0f606f46b695

  • SHA1

    26605c664c9b4b3bd1f007fa1068abb0bbfaf265

  • SHA256

    8dec08c523bc61d2d8da23da4d82ff33e89f69c7478578af3623f9411e1a38d0

  • SHA512

    5451a474a6cc55f220b43bfe0b65fe9ed2b7c66dfef0ab33b22e9b8fce26929235073ecd820681087100035b6091acf7106f927a98ca801696aa5e89c89901f4

  • SSDEEP

    6144:QBn1GdcqsCyQBYm/Zyo49qd/XvU1jO6IJO:gONsCyQBPsvmyjO6yO

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    mi08

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
