General

  • Target

    DHL_APC2_240708172813545.pdf.exe

  • Size

    703KB

  • Sample

    240714-j2p99avfkc

  • MD5

    ef21d03f6847389f89c057fd2dee4ba0

  • SHA1

    ab5de0026cb731e285d937a70bb1b16f5a2bb811

  • SHA256

    d16d34e4b1d1ef563842f3a0e691642da9f814bf240827e704caa57dc3106db0

  • SHA512

    84eb7f2dbc4de6619e7bcacdd97c6cf475a3ad4bd57da4a1969fa174553ecbc1d595fc0c94f3556244ff0d0c5e7c6ac45c14238a2bb3304c9429ff53b10fca77

  • SSDEEP

    12288:PdRLYVK+orvCrf9Sq/a4HUAiQ3qN0rPtD/0xCRFXcdjoKNl9NVPmHFmpfaO:PLL1+dsLjAM2WxCRFcp79N8spfD

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    rn94

  • Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks