General

  • Target

    71b8b1793ced80821449811c0720b8d4e352a94eb653b65b332b33f2318408e9.zip

  • Size

    37KB

  • Sample

    240718-wwbk5atdka

  • MD5

    36ab5d730664d4b27d5be02ba3156dbd

  • SHA1

    59207c0824aa4d582c7ca0d55c0f60f066bedf37

  • SHA256

    8b824076cdcd18ea37ccb2f09146c269d408e21e1683cc4467ed2cb2f12f656f

  • SHA512

    61e1a6bbb32b7c9a04fd955d0aa0558bdbb5df411a30dfced625bea7cc04a186116f5e3a67819fa8d2e2b08aabfef808bbbb01bf9774a84d1a6d9f2c9bf771a6

  • SSDEEP

    768:gEoYTtfg82mhng880Ek3wRe5k3DmdsKQZxoU45XHG3RO/OK3bR2wKurwU:gE1ytmdZEk3wRe5kSdLKxz45Xm3ROv5f

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mu94

Decoy

thenextamendment.net

automatiza.xyz

psikologhazelgungor.com

90857.net

robertoblondetrealtor.site

rv0awy.rest

74657.ooo

adigidea.com

world-healing.online

health4world.com

shyan.fun

anviltotable.com

vinger.online

juizltd.com

twmk.asia

cakescrushbyruby.com

listxtreme.com

00050026.xyz

finessedesignhouse.com

jsmm-27.xyz

Targets

    • Target

      PO1511-pdf.exe

    • Size

      134KB

    • MD5

      7f723f9e10de5dd1ce6d4e6bde89abe4

    • SHA1

      555e9af7d45b4436709150c474c28908225132f5

    • SHA256

      dd36a21b3f11b6142a898ce80d046abf5f8e0b62fa112957db619c865272ce20

    • SHA512

      ccce6e52dca4c11a8de88118b92b477c4f12f035557d6fe132d95e663d67721c76999cff688baeb349e494bfc89d49d636d8ff25207ed1c232f3b2f68508bb7e

    • SSDEEP

      3072:/kHnTc+neY+r6MVpHQhIB2E+kgaJysLTVm1AYUb:/kHTi3US/

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks