General
-
Target
SHEXD201990876_SHIPPING_DOCUMENT.xlsx
-
Size
2.5MB
-
Sample
210119-bmnpxk3gfj
-
MD5
2c9db0d5c6a4be66adb184938d9db249
-
SHA1
1e69dfa4b0658e2ebc4e0dc1f2af49b64461e961
-
SHA256
722cdd01068078065b845e83ae2bb9da3683de4f756cf2a8a894a2780f42013d
-
SHA512
14fb97dce253ebbddccdbe8a437869d60177695ae5e550173b3fad18ea5cdfb1a795c328c52d7f0e58def26c25dfa85f358f87d69115554860b0c1344d0b9261
Malware Config
Extracted
formbook
http://www.theatomicshots.com/xle/
tknbr.com
loyaloneconstruction.com
what-where.com
matebacapital.com
marriedandmore.com
qiemfsolutions.com
graececonsulting.com
www7456.com
littlefreecherokeelibrary.com
tailgatepawkinglot.com
musheet.com
tesfamariamtb.com
1728025.com
xceltechuae.com
harperandchloe.com
thepamperedbarber.com
5050alberta.com
supplychainstrainer.com
lacorte.group
ringingbear.com
Targets
-
-
Target
SHEXD201990876_SHIPPING_DOCUMENT.xlsx
-
Size
2.5MB
-
MD5
2c9db0d5c6a4be66adb184938d9db249
-
SHA1
1e69dfa4b0658e2ebc4e0dc1f2af49b64461e961
-
SHA256
722cdd01068078065b845e83ae2bb9da3683de4f756cf2a8a894a2780f42013d
-
SHA512
14fb97dce253ebbddccdbe8a437869d60177695ae5e550173b3fad18ea5cdfb1a795c328c52d7f0e58def26c25dfa85f358f87d69115554860b0c1344d0b9261
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-