General

  • Target: Payment Confirmation pdf.exe

  • Size: 572KB

  • Sample: 231011-pf7v3aeg51

  • MD5: e42b52351546f4863993c2d6c7ccf7e8

  • SHA1: cca1c810c899fced8df51716de10f3f81eef1b0e

  • SHA256: ce56ba6e7d6693cf8b2110b6ce1789f9a38669af8e17c30ff83e9fec9372c372

  • SHA512: ddd1aedd37f6ea5017f736b55e069237ea05a121cee65d57e782bb5984fde12452d8d51130caaa587d36a958e0e45499752d33008441cc31bbeeefaffb4d9888

  • SSDEEP: 12288:ww/+UwJvMMMDMMMiCUaDIhQmTzNCwna9IKSDvRsva8Ug/2:IvMMMDMMMiCFyQmTzDPvRMYm2

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: sn26

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks