General

  • Target

    Custom Clearance 5816641785332.cab

  • Size

    562KB

  • Sample

    240717-rpab9svarp

  • MD5

    c1e75f6607e31205b895d48b6357ba0c

  • SHA1

    138e36faa63c2396ac1bdc15dbcb44f3677b4b81

  • SHA256

    a54287191c76db416816b7a3af4bca08706b3d0b46b78ee0002f04c3b71c5414

  • SHA512

    35cf015c880f4ac22dc6764115edc672b937add97b05a63f5fef8c31537a1661c9684f0fc34658a91d7e2ea777600f45c0b09cc94c86830baf1052f9c8b852e5

  • SSDEEP

    12288:kZiZVtNbOHpEkZVitfPfvgrA4ZC7/gcI1rDuZ+YEAA+9lpMpg:kZiZIfVQPfoC/gcIxDuDEqPMe

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    na10

  • Decoy

    tetheus.com
    ventlikeyoumeanit.com
    tintbliss.com
    rinabet357.com
    sapphireboutiqueusa.com
    abc8bet6.com
    xzcn3i7jb13cqei.buzz
    pinktravelsnagpur.com
    bt365038.com
    rtpbossujang303.shop
    osthirmaker.com
    thelonelyteacup.com
    rlc2019.com
    couverture-charpente.com
    productivagc.com
    defendercarcare.com
    abcentixdigital.com
    petco.ltd
    oypivh.top
    micro.guru

Targets

    • Target

      Custom Clearance 5816641785332.exe

    • Size

      785KB

    • MD5

      6d8d9238f841e55f9b34ac5f2a438495

    • SHA1

      c7f8651a41b9ff7b0ca8e9e462f23758d76423bc

    • SHA256

      98744503d8f81bb42030a999aa4e2284717cfca54c4395ddfd72fd7bfea44872

    • SHA512

      9b1187eabf09aa32a4b2e88abb27390388d5b2a008fbeb3250ad8538f3f37fe7fb673ea1d0dbf437dd5006e38bd3c973ba7440e0ea571e7b2ccf6b520094da79

    • SSDEEP

      12288:5q9VTNbF6zEkZVi8fPiQgrZEZR79Hcg1pRavD7R5GtYG2ucIqB/:c99QVpPiJ+9Hcg7G7GVcB/

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks