General

  • Target

    f75df0664db3536fe31bf757181423ccce5ee8d48aa218a7122e2f958e489441

  • Size

    451KB

  • Sample

    231023-cymavsfe62

  • MD5

    8154e2a85926c1b29e908140fb0c4bf2

  • SHA1

    561a9dfbf60d12b854188c55885f1af9e13c3e9b

  • SHA256

    f75df0664db3536fe31bf757181423ccce5ee8d48aa218a7122e2f958e489441

  • SHA512

    0a79edf701fc8643e52fce1d38b512791cf8b87a53f94f727cf777ce2feb88022d4c498a74ff9d5bff2e57ab261703ba88973b2ff78ebb461798e20c3d114a84

  • SSDEEP

    12288:/IETkfK1Nd9OvmxBzFC5XEs0b1qK3aDIBFKRDPA9EE0hl9+9:ACkCbd9OvmxhF8c1qpY9h8i

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    p9su

  • Decoy

    calgaryweddingentertainment.com
    beeskneessites.com
    hikdv.sbs
    thepresetopia.com
    rosatierra.com
    stfnhohc.asia
    rpzclj.cfd
    eqestimation.com
    asianhdporn.net
    korekapi.click
    hetalenterprises.net
    xxdxsm.com
    vessah.com
    contentmax888.com
    wikeat.com
    lamartravel.net
    fuckorbit.com
    fmraquetbol.com
    car-painting-68470.bond
    juicycouture-india.com

Targets

    • Target

      TT Copy pdf.exe

    • Size

      1.0MB

    • MD5

      e4e0ac37f6fb6783f87c71e259c13018

    • SHA1

      63db9ff67e712faa7bc816260ee1b1182ad3fcaa

    • SHA256

      07a965ce638e2d764dd7cb07406d9b0b96d497e9f0fffb5f792592f841612134

    • SHA512

      73eb3f597db18adb0aae63a482dce4f49357af49aaed6f0893256bff90ae913be02d991a3c191a792f6693d49f6ebc53dcec5a6e3daf15669a7d213dc714e78a

    • SSDEEP

      24576:2QsbNERLxJ0TGY2mtW2gdMMyEHv1rs+RQHVTaIAE/5Op9XGfQCrF:2lg6Kq

    • Formbook

      Formbook is a data-stealing malware family.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download payloads from other malware families.

    • Formbook payload

    • ModiLoader Second Stage

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks