General

  • Target

    10072024_1537_10072024_MV SHUHA QUEEN II_pdf.zip

  • Size

    632KB

  • Sample

    240710-s2g4baxhrh

  • MD5

    22d4f25066061024a593534558c2a5ed

  • SHA1

    1a041801c54e3d913058245ab16971802a54fc74

  • SHA256

    cdcf45cb0cc953590265e0f702900016c42b0b4186b2566edbd142eaaf116b6c

  • SHA512

    93920b6ea34eb1ec025a41de53c7cc86a58924ad7e54d486b2e63a4a4fe9c13c73f4a85fc3ca120896660bbad70d1fefee6247bbca25daab5edb26e317cf6d83

  • SSDEEP

    12288:DmOf2+D/+/SchqhClBazZ0W1UbhMmnC6/t1CPqj+Z3vHLy2zEwCqb:qOfV/Aqh4YEMuT/se+/J

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cn21

Decoy

Targets

    • Target

      MV SHUHA QUEEN II_pdf.exe

    • Size

      1.0MB

    • MD5

      bccc8fa74daafdc78bb79be80f690672

    • SHA1

      c748a85ee28e4335fcbbe2350f1fcfa1f7340ed8

    • SHA256

      7d54c85e082d15f6d65963f6d38e4c101d824a337f48a6d1d2da77ffacfe279f

    • SHA512

      964446a8aeb1c997b07ee4460e6b0d6466d6cd2eef5c08f560447353c3b9417a55ff07273ad1af78ae1227ab9c0065b613f3d346f78b673d71a0f6258d6bea14

    • SSDEEP

      24576:eAHnh+eWsN3skA4RV1Hom2KXMmHaOL/y+cNgY5:Jh+ZkldoPK8YaOTVUL

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks