General

  • Target

    16072024_1535_16072024_DHL_UOC2_240708172813545.pdf.z

  • Size

    570KB

  • Sample

    240716-s1ralasbre

  • MD5

    2eeaed47e2728788a89a6e53fa5f8aed

  • SHA1

    4d6e6530b3fed602a57f83789c9732146f09888c

  • SHA256

    fc46187003aa1a9985cee2654c50b04faa8167ac6f2e0a18234707fc7b8414af

  • SHA512

    4fe4acdd14751358512a6b2213733400faeb0209fecde31250a866e07d46bbf1b53e6ccba8ce9ab60d4fe1d2972b655b1870995633d6c37e02ad78cf02a10653

  • SSDEEP

    12288:Yn0MU5FtH6rPendz7ovrYa2zxCBDdFAfNdlMVp0dAgr1n+jme/lo:w/U5FtHgK/kEyPAf5GCkFo

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    rn94

  • Decoy

    st68v.xyz
    conciergenotary.net
    qwechaotk.top
    rtpdonatoto29.xyz
    8ad.xyz
    powermove.top
    cameras-30514.bond
    vanguardcoffee.shop
    umoe53fxc1bsujv.buzz
    consultoriamax.net
    hplxx.com
    ndu.wtf
    yzh478c.xyz
    bigbrown999.site
    xiake07.asia
    resdai.xyz
    the35678.shop
    ba6rf.rest
    ceo688.com
    phimxhot.xyz

Targets

    • Target

      DHL_UOC2_240708172813545.pdf.exe

    • Size

      1.0MB

    • MD5

      2465ce9d09372c4daf8a9d6d36c11915

    • SHA1

      08e205473e1bf912fe01e7183cc4e7f880f0e86c

    • SHA256

      fa9ea4e8935d55eb5ef1846b525f02572e147be07c11588e55475e1d7a173676

    • SHA512

      137e60039c82e7ace769a7914050b0dd7152a57780f4dcb7e6df0ad818fe38f45b2fc0e1ff4eb0d2f0d86cbc6fb0b1cdb74aafb224709755c390a2c390f5fed4

    • SSDEEP

      24576:EAHnh+eWsN3skA4RV1Hom2KXMmHa4N1hfjVEc5:Th+ZkldoPK8Ya4NvbVX

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIt scripts compiled into PE executables.

    • Suspicious use of SetThreadContext
