General

  • Target

    PO-2024151-pdf.gz

  • Size

    206KB

  • Sample

    240717-l9bg6swdqq

  • MD5

    a5454011b04118415253986709333d10

  • SHA1

    37dd9a706116b1477f65362e18302e4df44ea846

  • SHA256

    43a38e61e55656a97efa139ef3b52248ac2f2adf3b15bed9299a575867677d72

  • SHA512

    cb74faaa9a3c632049cf2e97b175747c22f0606eea798f5b0b707ff693a2a18f85f99c53ab29df74522c394c9d0ac86a327c9995b6d68131aa1f5a86789bc4dc

  • SSDEEP

    6144:MbtEh/z1EzMl9fe4NQZcYP74hvaOXVFEgF:u+x1EzO+tPp6Vj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mu94

Decoy

Targets

    • Target

      PO-2024151-pdf.exe

    • Size

      519KB

    • MD5

      a7350ccb586d53c4f28bdc8db696b6a9

    • SHA1

      c8cd7d3c0aa6233109b92c3976bb8a9a680b7397

    • SHA256

      a94ee8ea98674e1714740123c2564eeac148992b5a1596972ace096bc8d9aa4a

    • SHA512

      b29d7c9a0a24bfd2ecbe21efe7a8594fdb5a757e666b43deae0d68130eb10143c55e6fe9306a55a44e7aa24c03b914a87e651aa65bdda309c358931cdf5fbe44

    • SSDEEP

      6144:OCent7w+F+HhCsLQcS7xI4KhwoGrC+skf8vKutKpfCLJHT6c:OCS9w+F+HgfHKhwoG2EEvK9ELJHT6c

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
