General

  • Target

    Paid Invoices pdf.zip

  • Size

    294KB

  • Sample

    231011-pahc8aea8t

  • MD5

    d93a41e0bb949cc347179ab09ee402a4

  • SHA1

    d1bfc6f915e9c3bc2258d6a7b5ec7bd30dfdf6f8

  • SHA256

    b117bc0cc338ead0a57db5dacbdf3ed2210b2e290a2b2428e3cead53e4802480

  • SHA512

    7f01a826465603255fd5e14a46d560d235d38a029e54ad0253b4693424fe63077311c3d44284863c533593a34ba4654c8d30efcf726910dcae7cf41a009125be

  • SSDEEP

    6144:jmdII4R485qqhjGSXmP+wN0rd+AOMctemboXrRChniJT1fnsqywEBAyip:jNHJhSSsNYjOvee4IVIT1/slFBAyip

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sn26

  • Decoy

    resenha10.bet
    gulshan-rajput.com
    xbus.tech
    z813my.cfd
    wlxzjlny.cfd
    auntengotiempo.com
    canada-reservation.com
    thegiftcompany.shop
    esthersilveirapropiedades.com
    1wapws.top
    ymjblnvo.cfd
    termokimik.net
    kushiro-artist-school.com
    bmmboo.com
    caceresconstructionservices.com
    kentuckywalkabout.com
    bringyourcart.com
    miamiwinetour.com
    bobcatsocial.site
    thirdmind.network

Targets

    • Target

      Paid Invoices pdf.exe

    • Size

      308KB

    • MD5

      316a7b13ad3a427cfff4398ea219e0a1

    • SHA1

      d40d5af3e7e6a32196a99afc104d5d3b1ce19cce

    • SHA256

      dc5eb730f1df702be89804ca234b60fec5fed7b6ed8d6c719f7006f40775f888

    • SHA512

      101c059f79ab51d438ac71867846a2748d4a99382230fb020d7ab37fa9d48e33d8b121ef0d9b0348d72c6793f25cffdc52c52196651efae8b5edafa628aa75e2

    • SSDEEP

      6144:LnPdudwDN8L2nP5qqhj0SXmP+wN0r9+AOSctemboVrRChniJTpfnsqwwEZAyiX:LnPdB8L2nthISsNOjO5eeoIVITp/s9FC

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials, keystrokes and form data from browsers and other applications and sends them to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
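
The report above gives two kinds of indicator a responder can act on immediately: file hashes for the delivery archive and the dropped executable, and the decoy domain list from the extracted Formbook config. The script below is an added example, not code from the report or from the sandbox that produced it. It copies the MD5/SHA1/SHA256 values and the twenty decoy domains from the report, verifies a file against those hashes, and scans log lines for any host that equals or is a subdomain of a decoy. The log lines are constructed for the example. One caveat a practitioner should keep in mind: Formbook configs mix the real C2 into a list of decoys, many of which are legitimate sites, so a hit on one of these domains is an alert-worthy signal on a host that also matches the hashes or signatures, not proof of C2 traffic on its own.

```python
"""IOC checks for the Formbook sample in the report (added example).

Hashes and decoy domains are copied from the report; the sample log
lines are constructed for this example.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Hashes from the report: delivery archive and the executable it contains.
ARTIFACTS: Dict[str, Dict[str, str]] = {
    "Paid Invoices pdf.zip": {
        "md5": "d93a41e0bb949cc347179ab09ee402a4",
        "sha1": "d1bfc6f915e9c3bc2258d6a7b5ec7bd30dfdf6f8",
        "sha256": "b117bc0cc338ead0a57db5dacbdf3ed2210b2e290a2b2428e3cead53e4802480",
    },
    "Paid Invoices pdf.exe": {
        "md5": "316a7b13ad3a427cfff4398ea219e0a1",
        "sha1": "d40d5af3e7e6a32196a99afc104d5d3b1ce19cce",
        "sha256": "dc5eb730f1df702be89804ca234b60fec5fed7b6ed8d6c719f7006f40775f888",
    },
}

# Decoy domains from the extracted Formbook 4.1 config (campaign sn26).
DECOY_DOMAINS = frozenset([
    "resenha10.bet", "gulshan-rajput.com", "xbus.tech", "z813my.cfd",
    "wlxzjlny.cfd", "auntengotiempo.com", "canada-reservation.com",
    "thegiftcompany.shop", "esthersilveirapropiedades.com", "1wapws.top",
    "ymjblnvo.cfd", "termokimik.net", "kushiro-artist-school.com",
    "bmmboo.com", "caceresconstructionservices.com", "kentuckywalkabout.com",
    "bringyourcart.com", "miamiwinetour.com", "bobcatsocial.site",
    "thirdmind.network",
])


def digests(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists for each artifact."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def identify(data: bytes) -> Optional[str]:
    """Return the report artifact whose SHA256 matches data, or None."""
    sha256 = hashlib.sha256(data).hexdigest()
    for name, hashes in ARTIFACTS.items():
        if hashes["sha256"] == sha256:
            return name
    return None


def hash_mismatches(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Names of algorithms whose digest of data differs from expected."""
    actual = digests(data)
    return sorted(alg for alg, want in expected.items() if actual.get(alg) != want.lower())


# Matches a dotted hostname; IPs fail the alphabetic-TLD requirement.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def matches_decoy(host: str) -> Optional[str]:
    """Return the decoy domain that host equals or is a subdomain of, else None."""
    parts = host.lower().rstrip(".").split(".")
    for i in range(len(parts) - 1):  # try host, then each parent domain
        candidate = ".".join(parts[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, host, decoy) for each log line naming a decoy domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in DOMAIN_RE.findall(line):
            decoy = matches_decoy(host)
            if decoy:
                hits.append((n, host.lower(), decoy))
                break  # one hit per line is enough for an alert
    return hits


# Constructed DNS/proxy log lines for the example (not from the report).
SAMPLE_LOG = [
    "2023-10-11T14:02:07Z WS01 dns query A www.xbus.tech",
    "2023-10-11T14:02:08Z WS01 http GET http://www.z813my.cfd/sn26/?id=abc",
    "2023-10-11T14:02:09Z WS01 dns query A updates.example.com",
    "2023-10-11T14:02:10Z WS01 dns query A bobcatsocial.site",
]

if __name__ == "__main__":
    for line_no, host, decoy in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {host} -> Formbook decoy {decoy}")
```

To check a quarantined file, read it as bytes and call `identify()` or `hash_mismatches(data, ARTIFACTS["Paid Invoices pdf.exe"])`; an empty mismatch list means every recorded digest matched. The subdomain walk in `matches_decoy` is deliberate: the sample's HTTP beacons go to `www.` hosts under the configured domains, so an exact-match lookup would miss them.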

MITRE ATT&CK Enterprise v15