General

  • Target

    Audit Confirmation_pdf.exe

  • Size

    589KB

  • Sample

    231022-jgdeysfh77

  • MD5

    c93182a4cf39e6a36f143371cd3cdac1

  • SHA1

    9388f926f519112cad9bc5d58cb132a50acaf3ae

  • SHA256

    760d1dd7bb42f4e5326377a4d8368703b5638f6a14988e1a8ead94524b3a0139

  • SHA512

    9c8923b71c19dc7ec47a3df430d094fd6b55d727be51e7d68a1c594753c1ebe1e51134a8f21db12e02e2293325b0ba8b5298838762ed80320da8277a9403e0de

  • SSDEEP

    12288:L8zS55mFzaz4QP5y8YToG7a77FI0LcD8VrdYdQnoc2Z6uj0:Lf55qG4+5y8COm0LYW5YdQnWZ6G

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ls02

Decoy

vocabularybot.com

invisalignsmilesolutions.xyz

sleepdisorderinsomnia.com

bern.beauty

ahazmcdris.top

21874960sie8ca1.store

yeitced.xyz

biggerpictureventures.com

alduhagroup.com

itsolutions.biz

0oq6y.com

wildpolis.com

mariobet469.com

brynnwpods.com

tastywin.com

cou2m1.com

newaitrucks.com

puremeans.studio

mitienda-la.com

jujuresorthotel.com
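
A Formbook 4.1 config of this kind holds one live C2 domain hidden among decoys, and the decoys are typically legitimate or parked sites the bot also contacts to blend in, so the list above is hunting material, not a blocklist. The following helper is an added example, not part of the sandbox report or of any Formbook tooling: it recomputes the report's four digests so a file on disk can be matched to this sample, splits the SSDEEP signature into its block size and chunk hashes, and runs the decoy list as a watchlist over DNS query logs. The log format ("<timestamp> <client> <qname> <qtype>") and the sample lines are constructed for the example; the function names are the author's own.

```python
"""Triage helpers for the Formbook report above (added example, not sandbox output)."""
import hashlib
import re
from typing import Optional

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "c93182a4cf39e6a36f143371cd3cdac1",
    "sha1": "9388f926f519112cad9bc5d58cb132a50acaf3ae",
    "sha256": "760d1dd7bb42f4e5326377a4d8368703b5638f6a14988e1a8ead94524b3a0139",
    "sha512": "9c8923b71c19dc7ec47a3df430d094fd6b55d727be51e7d68a1c594753c1ebe1e"
              "51134a8f21db12e02e2293325b0ba8b5298838762ed80320da8277a9403e0de",
}

# SSDEEP signature copied from the report.
REPORTED_SSDEEP = "12288:L8zS55mFzaz4QP5y8YToG7a77FI0LcD8VrdYdQnoc2Z6uj0:Lf55qG4+5y8COm0LYW5YdQnWZ6G"

# Decoy domains from the extracted config (campaign ls02).
DECOY_DOMAINS = [
    "vocabularybot.com", "invisalignsmilesolutions.xyz", "sleepdisorderinsomnia.com",
    "bern.beauty", "ahazmcdris.top", "21874960sie8ca1.store", "yeitced.xyz",
    "biggerpictureventures.com", "alduhagroup.com", "itsolutions.biz", "0oq6y.com",
    "wildpolis.com", "mariobet469.com", "brynnwpods.com", "tastywin.com", "cou2m1.com",
    "newaitrucks.com", "puremeans.studio", "mitienda-la.com", "jujuresorthotel.com",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a blob, keyed like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def verify_sample(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Compare each reported digest with the computed one. Any False means the
    file in hand is not the sample this report describes."""
    actual = hash_bytes(data)
    return {name: actual[name] == digest.lower() for name, digest in reported.items()}


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts."""
    block, chunk, double_chunk = sig.split(":", 2)
    return int(block), chunk, double_chunk


def normalize_domains(domains) -> list:
    """Lower-case, strip trailing dots, drop empties and duplicates, return sorted."""
    return sorted({d.strip().lower().rstrip(".") for d in domains if d.strip()})


# Constructed DNS log lines in a hypothetical "<ts> <client> <qname> <qtype>" format.
SAMPLE_DNS_LOG = """\
2023-10-22T10:15:01Z 10.0.0.15 www.vocabularybot.com A
2023-10-22T10:15:03Z 10.0.0.15 ctldl.windowsupdate.com A
2023-10-22T10:15:09Z 10.0.0.22 bern.beauty A
2023-10-22T10:16:40Z 10.0.0.22 notbern.beauty A
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def domain_matches(qname: str, watchlist) -> Optional[str]:
    """Return the watchlist entry that qname equals or is a subdomain of, else None.
    Matching is on label boundaries, so 'notbern.beauty' does not hit 'bern.beauty'."""
    q = qname.lower().rstrip(".")
    for d in watchlist:
        if q == d or q.endswith("." + d):
            return d
    return None


def hunt_dns_log(log_text: str, watchlist=None) -> list:
    """Return (timestamp, client, qname, matched_domain) for each query hitting the
    watchlist. Decoys are mostly benign sites, so a hit is a lead to correlate with
    the resolving process, not proof of C2 traffic."""
    watch = normalize_domains(DECOY_DOMAINS if watchlist is None else watchlist)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, _qtype = m.groups()
        hit = domain_matches(qname, watch)
        if hit:
            hits.append((ts, client, qname, hit))
    return hits


if __name__ == "__main__":
    print("ssdeep block size:", parse_ssdeep(REPORTED_SSDEEP)[0])
    for hit in hunt_dns_log(SAMPLE_DNS_LOG):
        print(*hit)
```

Against the constructed log the hunt returns two hits (the www. subdomain of one decoy and an exact match on another) and correctly ignores the look-alike `notbern.beauty`; in practice the next step is to pivot from the client address to the process that issued the query and check for the injection behaviour listed under the signatures.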

Targets

    • Target

      Audit Confirmation_pdf.exe


    • Formbook

      Formbook is an information-stealing malware family: it hooks browsers and other applications to capture submitted form data, keystrokes and clipboard contents, and sends the results to its command-and-control server.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks