General

  • Target: 15072024_1333_12072024_Ticket Receipt and Fine.rar
  • Size: 1.1MB
  • Sample: 240715-qtpgbashpp
  • MD5: 09fdcc813bd56d6a1c4c41030ad9f605
  • SHA1: 9de5b60213074f74db1b60dda6c1ad83cf6792d5
  • SHA256: 199b27fd2960477373f8866cfe909c639e8a7393390e01de536356ac28d7c2d3
  • SHA512: 1510f7d378f881004447dd1da241dfdabd047f5fdff961be4e51934dabffd69af6c90fbb610d35a9540e38082327afd033542121e69a6818dfa6d3b3d0c609a9
  • SSDEEP: 24576:cVDHF6UqsV+RcBFVY6AlqbyPuhB5VDHF6UqsV+RcBFVY6AlqbyPuhBQ:sDHF6UqYAlqbyPuhB3DHF6UqYAlqbyPn

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: gb29
  • Decoy:


Targets

    • Target: Abu Dhabi Police Offenders Publishing Images WSAbuDhabi.exe
    • Size: 1.0MB
    • MD5: c64808bee3cbc24910d4a426d4123cce
    • SHA1: eeff1a128b756e5d4eaabbca3db35c765f7f03f8
    • SHA256: 9039d85eec99722427577d83cfcf5464fa26d64ca5a40682ba3be7942a3e7155
    • SHA512: 372e126b49c5a7c1081c92b73a010d84a89f6e7f3ac5c9b6dc0668ca6e6f8390c495f0ef28d31f8460145693d3cb342b81be40fa2fa920ef2ed17460944bad99
    • SSDEEP: 24576:ntb20pkaCqT5TBWgNQ7a/zdBNeZXGraTPv6A:kVg5tQ7a/zdONGrab5
    • Formbook: Formbook is data-stealing malware.
    • Formbook payload
    • Suspicious use of SetThreadContext

    • Target: Receipt-30927862-Ticket#0973726-Fines-19346383.exe
    • Size: 1.0MB
    • MD5: c64808bee3cbc24910d4a426d4123cce
    • SHA1: eeff1a128b756e5d4eaabbca3db35c765f7f03f8
    • SHA256: 9039d85eec99722427577d83cfcf5464fa26d64ca5a40682ba3be7942a3e7155
    • SHA512: 372e126b49c5a7c1081c92b73a010d84a89f6e7f3ac5c9b6dc0668ca6e6f8390c495f0ef28d31f8460145693d3cb342b81be40fa2fa920ef2ed17460944bad99
    • SSDEEP: 24576:ntb20pkaCqT5TBWgNQ7a/zdBNeZXGraTPv6A:kVg5tQ7a/zdONGrab5
    • Formbook: Formbook is data-stealing malware.
    • Formbook payload
    • Blocklisted process makes network request
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks