General

  • Target

    Invoice_Payment_Confirmation_INV#240085_pdf.exe

  • Size

    1.1MB

  • Sample

    241114-c75tkaxjdr

  • MD5

    1b597c240cd23fda73024ed811e4a906

  • SHA1

    f773bdd6e924b65284d8a9ef67f61615a9764a8e

  • SHA256

    8a91c4bf99a674909e6993d52e061547517056d36f9b8e828a9148eb412ffa73

  • SHA512

    d1f00b959befd0c8f91587311d715508c45fb279e661f4ffacb5e3e5f0f19e4151f6baa35ff49fc5d7afe5bb0b09d96346da5d7b0324ee85edb4885ce07f07dc

  • SSDEEP

    24576:Etb20pkaCqT5TBWgNQ7aXe1SQkPXr8mzcLk6A:tVg5tQ7aXe1bkPXAmzcY5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook family

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks