General

  • Target: PO-2024151-pdf
  • Size: 519KB
  • Sample: 240717-jghpnstfrd
  • MD5: a7350ccb586d53c4f28bdc8db696b6a9
  • SHA1: c8cd7d3c0aa6233109b92c3976bb8a9a680b7397
  • SHA256: a94ee8ea98674e1714740123c2564eeac148992b5a1596972ace096bc8d9aa4a
  • SHA512: b29d7c9a0a24bfd2ecbe21efe7a8594fdb5a757e666b43deae0d68130eb10143c55e6fe9306a55a44e7aa24c03b914a87e651aa65bdda309c358931cdf5fbe44
  • SSDEEP: 6144:OCent7w+F+HhCsLQcS7xI4KhwoGrC+skf8vKutKpfCLJHT6c:OCS9w+F+HgfHKhwoG2EEvK9ELJHT6c

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: mu94

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext