General

  • Target

    DHL Shipping DOC_987796013270.exe

  • Size

    645KB

  • Sample

    240717-he9jyazbkl

  • MD5

    51d304a31d64e8975c2cdfad3367f686

  • SHA1

    8cc59a68e3f6f6ada93abfbaeae2b6dc698cd085

  • SHA256

    a4de39a318f8fb37cf0ac7f320a6cf7f8b68a403ea26d3c5f8b82630f6693b70

  • SHA512

    e6158154334f211333430791dce7d90622b0cd90672607a2e3e1ac075b64c89c9313a0bc82196d6bbc80f036022b670fa35e6d7952d87b3e4566eeda2c0f9d59

  • SSDEEP

    12288:b51eKYx6+DaBbWTYoFnXFqdXKr87wgI7gY10ZAYbmOLPbIQdRlF6v/kR:jUo+uBsFBFMXU87QgYWaYbmOLhRv6va

Malware Config

  • Extracted

    • Family

      formbook

    • Version

      4.1

    • Campaign

      dk07

    • Decoy

      reclam.xyz
      parchmentmediaadd.com
      gaolibai.site
      menage-exclusif.com
      ceremoniesbyjade.com
      5663876.com
      take3.xyz
      environmentaladvocacygroup.com
      fp38z.rest
      elektro-vlasic.com
      bollybytestv.com
      udfunsd.cloud
      studiomiraiarq.com
      e-commercebrasil.shop
      sansiddhiedu.com
      draaronroughan.net
      24angel.com
      rjh-equestrian.com
      22db3rgdg6a73pea7.vip
      mintygreen-wellnessportal.com

Targets

    • Target

      DHL Shipping DOC_987796013270.exe

    • Size

      645KB

    • MD5

      51d304a31d64e8975c2cdfad3367f686

    • SHA1

      8cc59a68e3f6f6ada93abfbaeae2b6dc698cd085

    • SHA256

      a4de39a318f8fb37cf0ac7f320a6cf7f8b68a403ea26d3c5f8b82630f6693b70

    • SHA512

      e6158154334f211333430791dce7d90622b0cd90672607a2e3e1ac075b64c89c9313a0bc82196d6bbc80f036022b670fa35e6d7952d87b3e4566eeda2c0f9d59

    • SSDEEP

      12288:b51eKYx6+DaBbWTYoFnXFqdXKr87wgI7gY10ZAYbmOLPbIQdRlF6v/kR:jUo+uBsFBFMXU87QgYWaYbmOLhRv6va

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks