MT OCEAN STAR ISO 8217 2005.xlsx

General
Target

MT OCEAN STAR ISO 8217 2005.xlsx

Size

2MB

Sample

210223-b6h52bw412

Score
10 /10
MD5

3ba4a9ceac60a4e52398ac6fbd0ebc5b

SHA1

19b79bcd8982634747f1dfc6804687d60baf73b0

SHA256

ca4c055b60e84b73461e21062fc06924897c501944ec0f2a467fc4c21f13b342

SHA512

ff14cc9946821af0891fb2b8ae10006ea9902f31c6cfcc5bc6739270080a3862db34e718cf82838585662a3dbad74892db78e891092a9cd0e137e86684440686

Malware Config

Extracted

Family formbook
C2

http://www.aone223.com/67d/

Decoy

initiationportal.com

priority1fleet.com

xn--c1abvlc0ba.xn--p1acf

foto-golyh-devushek.com

losangeles-nightlife.com

mynewbandname.com

iaiibhzsbw.net

allwest-originals.com

peakofgoodlife.com

traeespana.com

prizotinstagram.online

powerd.net

rutharroyo.com

spreadtheaimee.com

tomleefamily.com

workingcompass.net

quallateematerial.com

davizion.com

ashleeramdanfit.com

gamers-evolution.com

bohrabiz.com

twigandbloomfloral.com

nhdpartners.com

wakedcma.com

algulotomotiv.com

kocaelikiralikvinc.com

listenupfoundation.net

studiozetamilano.com

luckybluebird.net

xigo100.com

hattonpalacejewellery.com

bolsasmariabonita.com

didierjammet.com

wndslve.com

wiprideinc.com

aktiv.plus

americanseniorcarecorp.com

calmbears.com

gearsevenfitness.com

naigves.com

stremate.webcam

awakenedbyowls.com

pelican-foot.com

t-c-o-t-c.com

disinfectingcinci.com

buyrealestatewithchris.com

g-grid.net

dodadungthongminh.asia

prospect300.com

rjutilities.com
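Practitioners usually want the extracted config above as structured IOCs rather than as a flat page. The script below is an added example, not tooling from the report or from the sandbox vendor: it parses the report's own key/value layout (REPORT_EXCERPT is a constructed copy of that layout, trimmed to a few of the decoy domains listed above) into a dict, writes a Suricata rule for the C2 URL, and turns the decoy list into a DNS watchlist. The rule names, SIDs and the watchlist format are assumptions. Only the C2 becomes an alert: Formbook sends requests to randomly chosen decoy domains alongside the real callback so that the true C2 is buried in noise, so alerting on the decoys would fire on benign traffic to legitimate sites.

```python
"""Parse the flat key/value layout of this sandbox report into structured
IOCs, then turn the extracted Formbook config into a Suricata rule and a DNS
watchlist.  Added example, not tooling from the report or the sandbox vendor;
REPORT_EXCERPT is a constructed copy of the report's layout, trimmed to a few
decoy domains.  Rule names, SIDs and output formats are assumptions."""
import json
import re

REPORT_EXCERPT = """\
General
MD5

3ba4a9ceac60a4e52398ac6fbd0ebc5b

SHA256

ca4c055b60e84b73461e21062fc06924897c501944ec0f2a467fc4c21f13b342

Malware Config

Extracted

Family formbook
C2

http://www.aone223.com/67d/

Decoy

initiationportal.com

priority1fleet.com

xn--c1abvlc0ba.xn--p1acf

rjutilities.com

Targets
"""

LIST_KEYS = {"C2": "c2", "Decoy": "decoy"}              # heading -> list of values
SCALAR_KEYS = {"MD5": "md5", "SHA1": "sha1",
               "SHA256": "sha256", "SHA512": "sha512"}  # heading -> single value
SECTION_BREAKS = {"General", "Malware Config", "Extracted", "Targets"}


def parse_report(text):
    """Small state machine: a heading line selects where following values go.
    Scalar headings consume exactly one value; list headings consume values
    until the next heading or section break."""
    iocs = {"family": None, "c2": [], "decoy": []}
    target, scalar_pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"Family\s+(\S+)", line)
        if m:
            iocs["family"] = m.group(1).lower()
            target = None
        elif line in SCALAR_KEYS:
            scalar_pending, target = SCALAR_KEYS[line], None
        elif line in LIST_KEYS:
            target, scalar_pending = LIST_KEYS[line], None
        elif line in SECTION_BREAKS:
            target, scalar_pending = None, None
        elif scalar_pending:
            iocs[scalar_pending], scalar_pending = line, None
        elif target:
            iocs[target].append(line)
    return iocs


def split_c2(url):
    """Return (host, path) for an http(s) C2 URL; path defaults to '/'."""
    m = re.fullmatch(r"https?://([^/]+)(/.*)?", url)
    if not m:
        raise ValueError(f"not an http(s) URL: {url}")
    return m.group(1).lower(), m.group(2) or "/"


def suricata_rules(iocs, sid_base=9000001):
    """One rule per C2 URL, keyed on the Host header plus the URI prefix.
    Decoy domains are deliberately not turned into alerts (see lead-in)."""
    rules = []
    for i, url in enumerate(iocs["c2"]):
        host, path = split_c2(url)
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Formbook C2 beacon to {host}"; flow:established,to_server; '
            f'http.host; content:"{host}"; http.uri; content:"{path}"; startswith; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def dns_watchlist(iocs):
    """Decoys as a sorted, de-duplicated list for passive-DNS correlation, with
    IDN labels shown in Unicode next to their punycode form when decodable."""
    out = []
    for dom in sorted(set(iocs["decoy"])):
        try:
            unicode_form = dom.encode("ascii").decode("idna")
        except UnicodeError:
            unicode_form = dom
        out.append({"domain": dom, "unicode": unicode_form})
    return out


if __name__ == "__main__":
    iocs = parse_report(REPORT_EXCERPT)
    print(json.dumps(iocs, indent=2))
    print("\n".join(suricata_rules(iocs)))
    print(json.dumps(dns_watchlist(iocs), indent=2, ensure_ascii=False))
```

Feed the full report text instead of the excerpt and the same parser picks up the complete decoy list and all four hashes; the watchlist entry for the punycode domain shows its Unicode form so analysts can recognise it in DNS telemetry.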

Targets
Target

MT OCEAN STAR ISO 8217 2005.xlsx

MD5

3ba4a9ceac60a4e52398ac6fbd0ebc5b

Filesize

2MB

Score
1 /10
SHA1

19b79bcd8982634747f1dfc6804687d60baf73b0

SHA256

ca4c055b60e84b73461e21062fc06924897c501944ec0f2a467fc4c21f13b342

SHA512

ff14cc9946821af0891fb2b8ae10006ea9902f31c6cfcc5bc6739270080a3862db34e718cf82838585662a3dbad74892db78e891092a9cd0e137e86684440686

Signatures

  • Formbook

    Description

    Formbook is an information stealer, sold as malware-as-a-service since 2016, that harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots and can download and execute further payloads.

  • Formbook Payload

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

    TTPs

    Scripting
  • Suspicious use of SetThreadContext
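Three of the signatures above (a dropped EXE being executed, the VB.NET compiler vbc.exe being used as an execution host, and a blocklisted process making a network request) can be reproduced from endpoint telemetry rather than from the sandbox's API trace. The script below is an added example, not the sandbox's own signature logic: it runs that detection logic over a constructed stream of process, file and network events shaped after this report (an Excel document dropping and running an executable, which launches vbc.exe, which then beacons to the C2 host). The event schema, process paths and the contents of the "blocklisted" set are assumptions. The SetThreadContext signature is not modelled because it only shows up in an API/syscall trace, not in process-creation logs.

```python
"""Replay three of the report's behavioural signatures ('Executes dropped
EXE', 'Uses the VBS compiler for execution', 'Blocklisted process makes
network request') as detection logic over a constructed event stream.
Added example, not the sandbox's own signatures; EVENTS are constructed to
mirror the report, not captured from the sample.  The event schema, paths
and BLOCKLISTED membership are assumptions."""
import ntpath

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
COMPILERS = {"vbc.exe", "csc.exe"}
# Assumed blocklist; the sandbox's real list is not shown in the report.
BLOCKLISTED = COMPILERS | {"regsvr32.exe", "mshta.exe"}

# Constructed telemetry: pid 1 is an unlogged ancestor, 400 is benign noise.
EVENTS = [
    {"t": 1, "type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"t": 2, "type": "file", "pid": 100,
     "path": r"C:\Users\victim\AppData\Roaming\dropped.exe"},
    {"t": 3, "type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Users\victim\AppData\Roaming\dropped.exe"},
    {"t": 4, "type": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"t": 5, "type": "network", "pid": 300, "dst": "www.aone223.com", "port": 80},
    {"t": 6, "type": "process", "pid": 400, "ppid": 1,
     "image": r"C:\Windows\explorer.exe"},
]


def base(image):
    return ntpath.basename(image).lower()


def index_processes(events):
    return {e["pid"]: e for e in events if e["type"] == "process"}


def ancestors(procs, pid):
    """Yield ancestor image basenames walking up the tree; stops at pids that
    never appeared as a process event, and guards against ppid cycles."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        pid = procs[pid]["ppid"]
        if pid in procs:
            yield base(procs[pid]["image"])


def executes_dropped_exe(events):
    """A path written earlier in the stream later appears as a process image."""
    written, hits = {}, []
    for e in events:
        if e["type"] == "file":
            written[e["path"].lower()] = e["pid"]
        elif e["type"] == "process" and e["image"].lower() in written:
            hits.append(("executes_dropped_exe", e["pid"]))
    return hits


def compiler_spawned_from_office(events):
    """vbc.exe/csc.exe with an Office application anywhere in its ancestry."""
    procs = index_processes(events)
    return [("vbs_compiler_execution", pid) for pid, e in procs.items()
            if base(e["image"]) in COMPILERS
            and any(a in OFFICE_APPS for a in ancestors(procs, pid))]


def blocklisted_network(events):
    """Outbound connection from a process whose image is on the blocklist."""
    procs = index_processes(events)
    return [("blocklisted_process_network", e["pid"]) for e in events
            if e["type"] == "network" and e["pid"] in procs
            and base(procs[e["pid"]]["image"]) in BLOCKLISTED]


def run_all(events):
    return (executes_dropped_exe(events)
            + compiler_spawned_from_office(events)
            + blocklisted_network(events))


if __name__ == "__main__":
    for rule, pid in run_all(EVENTS):
        print(f"{rule:28s} pid={pid}")
```

The ancestry walk is what separates this from a naive "vbc.exe ran" rule: build servers legitimately run the compiler under MSBuild, but a compiler whose parent chain leads back to a spreadsheet is the Formbook pattern this report records.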

Related Tasks

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
                    Tasks

                    static1

                    behavioral2

                    1/10