General

  • Target

    27062024_1620_27062024_DHL AWB DOCUMENT.pdf.z

  • Size

    597KB

  • Sample

    240627-ttll7szbkg

  • MD5

    8a92b66578e9551fa96822e3105fe7f2

  • SHA1

    4b2fa3dd17b01d035790ed2be567e52a6c161920

  • SHA256

    15a93dedc52addc61a40e4249aa1f4abbba58e0bf719bfaef614533dad685162

  • SHA512

    d43eee2b26b4c52703d8893b129b27ad2b94fb4878644adfa0fe0ae59771de07c6355c9f95485326f96dc2bbdb85a9147e0495ffcc6ae4e733f2583cefefa2c8

  • SSDEEP

    12288:Dx9XxT71HqeLiwDhxQ4CvtJam136xOiCdqWRKUbrNlaYZSTsMx+:l9xTRTPCl4O36xU7VbrNl9ZSTsMx+

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    rn94

  • Decoy

    st68v.xyz
    conciergenotary.net
    qwechaotk.top
    rtpdonatoto29.xyz
    8ad.xyz
    powermove.top
    cameras-30514.bond
    vanguardcoffee.shop
    umoe53fxc1bsujv.buzz
    consultoriamax.net
    hplxx.com
    ndu.wtf
    yzh478c.xyz
    bigbrown999.site
    xiake07.asia
    resdai.xyz
    the35678.shop
    ba6rf.rest
    ceo688.com
    phimxhot.xyz

Targets

    • Target

      DHL AWB DOCUMENT.pdf.exe

    • Size

      1.1MB

    • MD5

      5739a45063bad290793d71173c297aca

    • SHA1

      d60a385177c8955916948f88057fe5740c668238

    • SHA256

      e9c2049ebaa1664254905bf3d5ba58d7d5b09bf3a261c157f47acb0a44d9c4bb

    • SHA512

      439902ba158876e90ff7d0cd8f0b3fe7d1bed10cb6a990b4f3d0e8a9ee88a953d33b3137f4727e079371ea1061507200162c984902d10ab830f7abf4e561b76a

    • SSDEEP

      24576:WAHnh+eWsN3skA4RV1Hom2KXMmHaS5vpvus6vqVluK4n5:xh+ZkldoPK8YaSuZ

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (T1059): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks