General

  • Target

    10072024_0105_09072024_Ticket Receipt and Fine.zip

  • Size

    629KB

  • Sample

    240710-bfg3raydph

  • MD5

    77f84d9bb591a2cf5391557aae585f3b

  • SHA1

    97b1a96a59077052861cf215739b32e3bd02fb5f

  • SHA256

    1859fec327baa69a10975e1884e4a70731b060e12aa8aca81dfe43e9e209f1df

  • SHA512

    b1305a9b3ff5719c7bdc7ce0f6ae00574f732467106675a57888ecb2a3a8dd604667c131e5ff753fb4ba7b5aba7576fd01c6b58d8d1c7cc6bf3b5eb838a3642d

  • SSDEEP

    12288:kvF+KA5ppnfw7/r1JYNxoZEWJ8QgZ97XKtq5E2wAq+GDJpqYvLeMcN0IlWTsOL:IlewP1JYQ78QO9jKQBdGDuYCM9IOL

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    pt46

  • Decoy

    twinportslocal.com
    rovor.store
    98169.club
    mdywl.com
    jrd3s.rest
    aston1717.top
    floridawoodworkingmachinery.com
    17tk555t.com
    ankitsho.shop
    seclameh.com
    realrecordlabel.com
    trenchonbirmingham.com
    af28.top
    rtp1kenzototo.com
    theselflovesite.com
    promotegetpaid.info
    strategiclogisticsagency.com
    learneracademy.net
    per-watch.com
    betbox2341.com

Targets

    • Target

      swift copy.exe

    • Size

      1.0MB

    • MD5

      8bd61d90030d503a329469db383abe88

    • SHA1

      97f2606294fea4e18ce600f2d96bdfa8ba1856ae

    • SHA256

      cb94f7e2d32391ffa226f27e39543a099f2867c9cc7602fb964b4358132b6a50

    • SHA512

      eee0a1f7b422a3bbe7b2a09714cbc5155724e4e67de08dca3d02e695dcdd533c58b3a376e1cdafd91bdef7c3e9db0a884ce968c5fc12e800cbd0674347de8b98

    • SSDEEP

      24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaWDRMBST0M45:Uh+ZkldoPK8YaWDRM4T0T

    • Formbook

      Formbook is an information-stealing malware (form grabber and keylogger) that harvests credentials, submitted form data and clipboard contents from browsers and other applications and exfiltrates them to its C2. Its configuration lists many decoy domains beside the live C2, so not every domain above is malicious infrastructure.

    • Formbook payload

    • Suspicious use of SetThreadContext (commonly seen when a suspended process is hollowed and its thread redirected into injected code)
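As an added example (not part of the sandbox report), the following Python checks a file on disk against the hashes listed above and scans DNS telemetry for the extracted decoy/C2 domains. The log line format and the sample log lines are constructed for the example. Because a Formbook config carries many decoys beside the live C2, and decoys are frequently legitimate sites, a DNS hit is a lead to triage, not a verdict on its own.

```python
"""Check artifacts and DNS telemetry against the IOCs in this Formbook report."""
import hashlib

# Hashes copied from the report for the two artifacts.
REPORT_HASHES = {
    "10072024_0105_09072024_Ticket Receipt and Fine.zip": {
        "md5": "77f84d9bb591a2cf5391557aae585f3b",
        "sha1": "97b1a96a59077052861cf215739b32e3bd02fb5f",
        "sha256": "1859fec327baa69a10975e1884e4a70731b060e12aa8aca81dfe43e9e209f1df",
        "sha512": "b1305a9b3ff5719c7bdc7ce0f6ae00574f732467106675a57888ecb2a3a8dd60"
                  "4667c131e5ff753fb4ba7b5aba7576fd01c6b58d8d1c7cc6bf3b5eb838a3642d",
    },
    "swift copy.exe": {
        "md5": "8bd61d90030d503a329469db383abe88",
        "sha1": "97f2606294fea4e18ce600f2d96bdfa8ba1856ae",
        "sha256": "cb94f7e2d32391ffa226f27e39543a099f2867c9cc7602fb964b4358132b6a50",
        "sha512": "eee0a1f7b422a3bbe7b2a09714cbc5155724e4e67de08dca3d02e695dcdd533c"
                  "58b3a376e1cdafd91bdef7c3e9db0a884ce968c5fc12e800cbd0674347de8b98",
    },
}

# Decoy / C2 domains from the extracted config (campaign pt46). Only one is
# typically the live C2; the rest are decoys, often legitimate sites.
FORMBOOK_PT46_DOMAINS = frozenset({
    "twinportslocal.com", "rovor.store", "98169.club", "mdywl.com",
    "jrd3s.rest", "aston1717.top", "floridawoodworkingmachinery.com",
    "17tk555t.com", "ankitsho.shop", "seclameh.com", "realrecordlabel.com",
    "trenchonbirmingham.com", "af28.top", "rtp1kenzototo.com",
    "theselflovesite.com", "promotegetpaid.info",
    "strategiclogisticsagency.com", "learneracademy.net", "per-watch.com",
    "betbox2341.com",
})


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_artifact(name: str, data: bytes) -> dict:
    """Compare data against the report's hashes for `name`.

    Returns {algorithm: bool}. Any False means this is not the file the
    report describes (or it was altered in transit).
    """
    expected = REPORT_HASHES[name]
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg] for alg in expected}


def normalize_qname(qname: str) -> str:
    """Lower-case and strip the trailing dot seen in DNS logs and pcaps."""
    return qname.strip().lower().rstrip(".")


def match_domain(qname: str, iocs=FORMBOOK_PT46_DOMAINS):
    """Return the IOC that qname equals or is a subdomain of, else None.

    Suffix matching is on label boundaries so that 'notrovor.store' does
    not match 'rovor.store'.
    """
    q = normalize_qname(qname)
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(lines):
    """Scan constructed 'timestamp host qtype qname' lines for IOC hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip rather than crash
        ts, host, qtype, qname = parts
        ioc = match_domain(qname)
        if ioc:
            hits.append({"ts": ts, "host": host, "qname": qname, "ioc": ioc})
    return hits


# Constructed sample telemetry (not from the report): two hits, two misses.
SAMPLE_DNS_LOG = [
    "2024-07-10T01:05:12Z WS01 A www.twinportslocal.com.",
    "2024-07-10T01:05:13Z WS01 A update.microsoft.com",
    "2024-07-10T01:05:14Z WS01 A rovor.store",
    "2024-07-10T01:05:15Z WS02 A notrovor.store",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit['ts']} {hit['host']} queried {hit['qname']} -> IOC {hit['ioc']}")
    # To check a real file against the report, uncomment and point at the artifact:
    # with open("swift copy.exe", "rb") as f:
    #     print(verify_artifact("swift copy.exe", f.read()))
```

Treat a hash mismatch as "not this sample" rather than "clean": a repacked or re-signed build of the same campaign will share the config but none of the hashes, which is why the domain list is the more durable indicator of the two.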
