General

  • Target

    SWIFT_BJ23004300IU2398385.pdf.arj

  • Size

    399KB

  • Sample

    231023-e7ba3afh59

  • MD5

    4e6d768c6de5cbba0efcc8b58511b75c

  • SHA1

    91642b34c1ca4537fb68f95451ee4cd3a77b3b1f

  • SHA256

    01e2299e4f97e6d9e8ab10d0dd8ceae140087f96adf700e33a5092fe3ed613b7

  • SHA512

    2dce786df508ee0a44da30dfa4df3fef610e0cd1310f62c8e1da06814a259d748a04fb96a8ece754cb5a3fc1b14e1e1864bbcacbd7f3e45d1d68affb5a598656

  • SSDEEP

    6144:cWZP8vfplmpASL5mMjKmzxWVO/AT5CNlgjHhSr3eQ3z4/OtCnKV/DlO+0bzr3oZD:cT3plmNIU0O4AMBSbHRCGxO+q3Mr

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

Targets

    • Target

      SWIFT_BJ23004300IU2398385.pdf.exe

    • Size

      426KB

    • MD5

      32da6e72c3efd2d3242c8e49ba196303

    • SHA1

      921978e022ace201a67e3bd29ce5efda33f3c391

    • SHA256

      fff1dacdf63f9d7d618c930f304a119d24fd3592eab317e988b208ad8819517f

    • SHA512

      5a27b0eb40f2681eb26c781433c36ce50d81dce1fe8c549944aa49985b01bf5a637f503bfd02936e0991525882a03a36b5f238aa5758477cae62f5d8c2705687

    • SSDEEP

      12288:zfLCxmUNqIg3XFhiR44O7lEJLbGQCVjxdrCcn:zfLC8U0IsF14O7+ZGJd2cn

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks