General

  • Target

    ORDER#60541 PDF.r00

  • Size

    293KB

  • Sample

    231011-pjk6gafa71

  • MD5

    73312dcf38018e6744dbb69975f4af02

  • SHA1

    a765625f2c94633b53826e9d6c12228a5dc0e386

  • SHA256

    65ec99a9c28ef34b40a2047b155d333990ee656804af0c2f8b4966f630d86c77

  • SHA512

    9a63bb2150b84f450c6519b69baa3a1c6ac56e1875b06052c4b008bd41cbfcf9577909cc8e2f9295e971075557ecc70f1b140615d71a41b8569a78e6d3ddde2e

  • SSDEEP

    6144:QQBkZci1AQgXg1voorKXb5rNnOB/BVeyYhMhOHHPkZvKyA9:QLdAQgQvb+t5OB/BsRWZvKL

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sn26

  • Decoy

    resenha10.bet
    gulshan-rajput.com
    xbus.tech
    z813my.cfd
    wlxzjlny.cfd
    auntengotiempo.com
    canada-reservation.com
    thegiftcompany.shop
    esthersilveirapropiedades.com
    1wapws.top
    ymjblnvo.cfd
    termokimik.net
    kushiro-artist-school.com
    bmmboo.com
    caceresconstructionservices.com
    kentuckywalkabout.com
    bringyourcart.com
    miamiwinetour.com
    bobcatsocial.site
    thirdmind.network
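The domain list above is the most directly actionable part of this report, but with a caveat: Formbook contacts the real C2 alongside the decoys, so a hit on any one of these domains identifies an infected host, not which domain is the live C2, and several decoys may be ordinary sites. The script below is an added example (not part of the sandbox report or the Formbook sample) that scans DNS and proxy log lines for the listed domains, including subdomains and trailing-dot DNS names, and flags HTTP requests whose first path segment is the campaign ID sn26. The log line format and the IP addresses are constructed for the example, and the assumption that the campaign ID appears as the first URL path segment is the author's, based on typical Formbook beacon URLs, not something the report itself states.

```python
"""Scan constructed DNS/proxy log lines for the Formbook decoy list from the
report above. Added example; the log format and addresses are made up."""
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Domains copied from the extracted config (campaign sn26). Only one of them
# is expected to be the real C2; the rest are decoys the malware also contacts.
DECOY_DOMAINS = {
    "resenha10.bet", "gulshan-rajput.com", "xbus.tech", "z813my.cfd",
    "wlxzjlny.cfd", "auntengotiempo.com", "canada-reservation.com",
    "thegiftcompany.shop", "esthersilveirapropiedades.com", "1wapws.top",
    "ymjblnvo.cfd", "termokimik.net", "kushiro-artist-school.com",
    "bmmboo.com", "caceresconstructionservices.com", "kentuckywalkabout.com",
    "bringyourcart.com", "miamiwinetour.com", "bobcatsocial.site",
    "thirdmind.network",
}
# Assumption (typical Formbook beacon layout, not stated by the report):
# the campaign ID is the first path segment of the C2 URL, e.g. /sn26/?...
CAMPAIGN = "sn26"

# Constructed log formats: "<ts> <client> DNS <qname>" and
# "<ts> <client> HTTP <method> <url>".
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) DNS (?P<qname>\S+)$")
HTTP_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) HTTP (?P<method>[A-Z]+) (?P<url>\S+)$")


def normalize(host: str) -> str:
    """Lower-case, strip the trailing dot DNS logs keep, and IDNA-encode so
    a Unicode look-alike name is compared in its ASCII (xn--) form."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def matching_decoy(host: str) -> Optional[str]:
    """Return the config domain that host equals or is a subdomain of,
    else None. Walks the label suffixes so www.xbus.tech matches xbus.tech
    but notxbus.tech does not."""
    labels = normalize(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan(lines: List[str]) -> List[dict]:
    """Return one hit per log line that touches a listed domain. For HTTP
    lines, campaign_path is True when the URL path starts with /sn26/."""
    hits = []
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            domain = matching_decoy(m["qname"])
            if domain:
                hits.append({"client": m["client"], "host": normalize(m["qname"]),
                             "domain": domain, "campaign_path": False})
            continue
        m = HTTP_RE.match(line)
        if m:
            parts = urlsplit(m["url"])
            domain = matching_decoy(parts.hostname or "")
            if domain:
                first_segment = parts.path.strip("/").split("/")[0]
                hits.append({"client": m["client"], "host": normalize(parts.hostname),
                             "domain": domain,
                             "campaign_path": first_segment == CAMPAIGN})
    return hits


# Constructed sample log lines (not captured traffic from the sample).
LOG_LINES = [
    "2023-10-11T09:14:02Z 10.0.0.5 DNS www.google.com.",
    "2023-10-11T09:14:03Z 10.0.0.5 DNS xbus.tech.",
    "2023-10-11T09:14:04Z 10.0.0.5 HTTP GET http://www.xbus.tech/sn26/?fz=AbCd",
    "2023-10-11T09:14:05Z 10.0.0.5 HTTP POST http://termokimik.net/sn26/",
    "2023-10-11T09:14:06Z 10.0.0.7 DNS notxbus.tech.",
    "2023-10-11T09:14:07Z 10.0.0.7 HTTP GET https://kentuckywalkabout.com/index.html",
]

if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        flag = " [campaign path]" if hit["campaign_path"] else ""
        print(f"{hit['client']} -> {hit['host']} (config: {hit['domain']}){flag}")
```

A hit with campaign_path set is the stronger signal, since it combines a listed domain with the beacon path; a bare DNS hit on a decoy that is also a legitimate site should be treated as a pivot for host triage rather than grounds for blocking the domain.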

Targets

    • Target

      ORDER#60541 PDF.exe

    • Size

      308KB

    • MD5

      316a7b13ad3a427cfff4398ea219e0a1

    • SHA1

      d40d5af3e7e6a32196a99afc104d5d3b1ce19cce

    • SHA256

      dc5eb730f1df702be89804ca234b60fec5fed7b6ed8d6c719f7006f40775f888

    • SHA512

      101c059f79ab51d438ac71867846a2748d4a99382230fb020d7ab37fa9d48e33d8b121ef0d9b0348d72c6793f25cffdc52c52196651efae8b5edafa628aa75e2

    • SSDEEP

      6144:LnPdudwDN8L2nP5qqhj0SXmP+wN0r9+AOSctemboVrRChniJTpfnsqwwEZAyiX:LnPdB8L2nthISsNOjO5eeoIVITp/s9FC

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form submissions and clipboard contents, and harvests stored browser and mail-client credentials, exfiltrating them over HTTP to a C2 server hidden among a list of decoy domains (the Decoy list in the extracted config above).

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual final step of process hollowing: a suspended process's entry point is redirected into injected code before the thread is resumed. On its own this signature shows the API pattern, not the injected payload.

MITRE ATT&CK Enterprise v15

Tasks