General
-
Target
RFQ.xlsx
-
Size
1.4MB
-
Sample
210114-ef22mkwmfe
-
MD5
c15273784bc0bf72b8c4a1118be6aa58
-
SHA1
6eca54832d4acd388a69a53ba5b8059e8cc2c29c
-
SHA256
d2139bcc2f4a4ac6e91de5f9f55d23743f61023e494fac3e13817a9f558d959e
-
SHA512
0c89c44fe4f2d9e0af857773d6a4d71e7311a1b44ea7b780cdb34f2ea38984e4d74876f0c9d608d8a30a331be295454d75baa51ef4dbdcb33e6d51c97cda1a7b
Malware Config
Extracted
formbook
http://www.bytecommunication.com/aky/
jeiksaoeklea.com
sagame-auto.net
soloseriolavoro.com
thecreatorsbook.com
superskritch.com
oroxequipment.com
heart-of-art.online
liwedfg.com
fisherofsouls.com
jota.xyz
nehyam.com
smart-contact-delivery.com
hoom.guru
dgryds.com
thesoakcpd.com
mishv.com
rings-factory.info
bero-craft-beers.com
podcastnamegenerators.com
856379813.xyz
Targets
-
-
Target
RFQ.xlsx
-
Size
1.4MB
-
MD5
c15273784bc0bf72b8c4a1118be6aa58
-
SHA1
6eca54832d4acd388a69a53ba5b8059e8cc2c29c
-
SHA256
d2139bcc2f4a4ac6e91de5f9f55d23743f61023e494fac3e13817a9f558d959e
-
SHA512
0c89c44fe4f2d9e0af857773d6a4d71e7311a1b44ea7b780cdb34f2ea38984e4d74876f0c9d608d8a30a331be295454d75baa51ef4dbdcb33e6d51c97cda1a7b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-