General
-
Target
Mv Maersk Kleven V949E.xlsx
-
Size
2.4MB
-
Sample
210119-afhykkfpfn
-
MD5
7be48590a40b95f8c880ea32c74bdd1b
-
SHA1
95b6f415362d44a6c3e6634b64dcaa57f460e548
-
SHA256
1c8c9700cce4a96d5b6de0cc0bc7de93a2eb0857ba6bf209175bbe1ef1fb03f2
-
SHA512
9ff9f5f07ccddf8ea0da07a89a0606985cef2d18b48f59a01d491440db5b3fe3e88f5c1c233a977148dcb2d6ab3fe85e8b06db0880fe2ee28c556c81d9e047f8
Malware Config
Extracted
formbook
http://www.embracingmyjourney.net/p7t/
crosvudigital.com
airgreenllc.com
epochryphal.com
handy-domain-listing.com
espaceideecreation.com
3sleeves.com
alotrooms.com
luttelion.com
efekaleci.xyz
allpapas.com
alverazricardez.com
meghandoria.com
deicorp-community.com
877nz.com
bahmanhochmetalwerks.com
teppeisugaya.com
kitrablog.digital
theatermoviebuying.com
ptlycloudy.com
ablehed.pro
Targets
-
-
Target
Mv Maersk Kleven V949E.xlsx
-
Size
2.4MB
-
MD5
7be48590a40b95f8c880ea32c74bdd1b
-
SHA1
95b6f415362d44a6c3e6634b64dcaa57f460e548
-
SHA256
1c8c9700cce4a96d5b6de0cc0bc7de93a2eb0857ba6bf209175bbe1ef1fb03f2
-
SHA512
9ff9f5f07ccddf8ea0da07a89a0606985cef2d18b48f59a01d491440db5b3fe3e88f5c1c233a977148dcb2d6ab3fe85e8b06db0880fe2ee28c556c81d9e047f8
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-