General

  • Target: mkhg_CDE_0915.rar
  • Size: 293KB
  • Sample: 231011-pkd4jsfb7w
  • MD5: cf804e2fd52ef19ea1885bc8b23128b2
  • SHA1: 0ab7266affb47992cb48956bd1bfc11a999924dc
  • SHA256: f9e2630c091701b27dd620807655fce9c9db2dd36dfcf382feafd8ef165f0946
  • SHA512: a2350067ab37c39284554f32fcc448ca1c0ec91dc23725b6acb9d24929d8747b7ca8fd980903927743a02b06dbed5deef8cb206979ad82a6a15218bcf3953949
  • SSDEEP: 6144:+C23nvoVpa53ISIA7u064JAjZqc9qg8+6zVN4:723QVpEIST7u8Jc99q+iT4

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: k13s
  • Decoy


Targets

    • Target: CDE 0915.exe
    • Size: 308KB
    • MD5: 8198d6bfbb6195d1658d7949a98e33ff
    • SHA1: f0b4a41bd7dfd3e5eda456ab88de948407e3e8db
    • SHA256: 46436c9504931b7cedc6f56121141a9cca7389258def5ccb0981b9bbe2301cc5
    • SHA512: 54156e8483bcbe6a72df32a9aac438d9de82af956d6fac69c49a4cb1ab92863792dc1c0e27e44f0cd54f28136f3c72f6faca630e6a0f5734ebdbfcf17dc564d7
    • SSDEEP: 6144:LnPdudwDWtQFrtD0AaHPcmQUW6aeyVze25Sqvv+1YErCuWWQVaIaIJDbiV0bu:LnPdatQptD6HIRegeFuv+6EtWrJ/w0bu

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks