General

  • Target

    13092024_0418_12092024_Нова поръчка за покупка pdf.zip

  • Size

    1.0MB

  • Sample

    240913-ewz52svaqe

  • MD5

    a8712ef4ce5bd5eb79c7f198a9cf206f

  • SHA1

    e93ad4039c92231088c048aa9115b8724d4bcb75

  • SHA256

    2cacd2c25829111e524887bc198ef09960434e07948c8ffe68b1bdf28dc6083d

  • SHA512

    eabb4ca7f9ba15b2e7a8b773a3925d1bbe192039b758e3aa738f59cc1479867709d65d6f4ce2a7ebfbbcb6dad984a608701cbebfc42eb373b7d49d85fa5dd024

  • SSDEEP

    24576:LgwRCfZhhzI0EMQLeem8N5dGwC/jyaYda/saaC+uYhX8r5gLZy03TLhz2:LWZvImyLGjlYs/slXHLw8Z2

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy15

Decoy


Targets

    • Target

      Нова поръчка за покупка pdf.exe

    • Size

      2.0MB

    • MD5

      212d2562e0f4d53f9fe595f730f14f95

    • SHA1

      74f3d0c8ac4cb82000b4e799e3ccc080a372b88e

    • SHA256

      22ee08b9678302f3671e7f1c6abd33866366b034faa9da27757fee2e05e23bf1

    • SHA512

      826cec49775fd6c4fc5f5ebfa374a8424fd5c2258cab5d64168d3465d827c6d5d23eb0a797b12e3f1b1d5a42d6df466bf43bbe6a1566d6daabbb9f7b94b33e8d

    • SSDEEP

      49152:8fDe+fmH7RRZ1UW84VCyH+4FAGqnx+lg3jszd8u1NhSCg6Ek/A:8fDQQs3fJ/A

    • Formbook

      Formbook is a data-stealing malware family.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Formbook payload

    • Adds policy Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
