General

  • Target

    ORDER#60541 PDF.exe

  • Size

    308KB

  • Sample

    231011-pfwg2agf52

  • MD5

    316a7b13ad3a427cfff4398ea219e0a1

  • SHA1

    d40d5af3e7e6a32196a99afc104d5d3b1ce19cce

  • SHA256

    dc5eb730f1df702be89804ca234b60fec5fed7b6ed8d6c719f7006f40775f888

  • SHA512

    101c059f79ab51d438ac71867846a2748d4a99382230fb020d7ab37fa9d48e33d8b121ef0d9b0348d72c6793f25cffdc52c52196651efae8b5edafa628aa75e2

  • SSDEEP

    6144:LnPdudwDN8L2nP5qqhj0SXmP+wN0r9+AOSctemboVrRChniJTpfnsqwwEZAyiX:LnPdB8L2nthISsNOjO5eeoIVITp/s9FC

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sn26

  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
