General
-
Target
_MVSEASEAL_RFQ_.xlsx
-
Size
2.3MB
-
Sample
210119-v7jbzppp66
-
MD5
266dcfcd2e08490c31848f65b2278422
-
SHA1
7e61b82d9be715199e14c1fea4e264e68cedcb8e
-
SHA256
3be0adb00e31207de79f54ce067a7f815519945357e03ba87fca258dacdbc364
-
SHA512
b9a873ce9d95af8a8ff095d8c51e967d948b6eb60a2585189d4f2c87a8d1f72f6524989e19a65d5270a384baa598948b96914fcc57aa7898dea802cf46c6d203
Malware Config
Extracted
formbook
http://www.kaiyuansu.pro/incn/
1bovvfk93jd.com
enlightenedhealthcoaching.com
findthatsmartphone.com
intelligentsystemsus.com
xn--lmsealamientos-tnb.com
eot0luh5ia.men
babanewshop.com
beyond-bit.com
meritane.com
buythinsecret.com
c2ornot.com
twelvesband.com
rktlends.com
bourseandish.com
happyshop88.com
topangacanyonvintage.com
epersonalloansonline.com
roofers-anaheim.com
shanghaiys.net
bickel.wtf
Targets
-
-
Target
_MVSEASEAL_RFQ_.xlsx
-
Size
2.3MB
-
MD5
266dcfcd2e08490c31848f65b2278422
-
SHA1
7e61b82d9be715199e14c1fea4e264e68cedcb8e
-
SHA256
3be0adb00e31207de79f54ce067a7f815519945357e03ba87fca258dacdbc364
-
SHA512
b9a873ce9d95af8a8ff095d8c51e967d948b6eb60a2585189d4f2c87a8d1f72f6524989e19a65d5270a384baa598948b96914fcc57aa7898dea802cf46c6d203
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-