General

  • Target: Payment Confirmation pdf.zip
  • Size: 468KB
  • Sample: 231011-paj7taea9s
  • MD5: 9b8ff8dcc263cde12265a39300fb5366
  • SHA1: 29f31a3be75099e189e3c6e6b5f9b494dfbe57d1
  • SHA256: 1fcb77e9eb02b7bf35fb2a6ff553f2aff57e1bc430938955ff53b8bae5aa3aa5
  • SHA512: 1aaa8096d25c8db091abe3adced200dfc42808a41f1d45eaa3741dd6c310a28f0538a56e5ca5ed7e2f373e69c28100cae75ec82826b9b764191a35e72338f672
  • SSDEEP: 12288:BwVj4oTNj/++FDIhQmbzNCwda9IKa3vRsLg8UlGhU2:BwVDRjW+FyQmbzRtvROKlG1

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: sn26

Decoy


Targets

    • Target: Payment Confirmation pdf.exe
    • Size: 572KB
    • MD5: e42b52351546f4863993c2d6c7ccf7e8
    • SHA1: cca1c810c899fced8df51716de10f3f81eef1b0e
    • SHA256: ce56ba6e7d6693cf8b2110b6ce1789f9a38669af8e17c30ff83e9fec9372c372
    • SHA512: ddd1aedd37f6ea5017f736b55e069237ea05a121cee65d57e782bb5984fde12452d8d51130caaa587d36a958e0e45499752d33008441cc31bbeeefaffb4d9888
    • SSDEEP: 12288:ww/+UwJvMMMDMMMiCUaDIhQmTzNCwna9IKSDvRsva8Ug/2:IvMMMDMMMiCFyQmTzDPvRMYm2

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext
