General
-
Target
7426da962e68c5b20a5159ca4e911eee.rtf
-
Size
8KB
-
Sample
210420-ch4g7s122n
-
MD5
7426da962e68c5b20a5159ca4e911eee
-
SHA1
a3a37b190077a308a17ddb82aa545610807f6e8b
-
SHA256
70f35721eb13022a6ae320055bf74d8c3bf688d5cd04c3bea37f6c2e4886d1b3
-
SHA512
e4f398322e4d020efcecea06cd2b3f77c3ce19a62cb4ab983aa7cceb7f9a3a00036057fa9e3cbc31a135b2e241cf6fe9540e260dedc251d9ab92f3843ef991ae
Malware Config
Extracted
formbook
4.1
http://www.yabo101games.net/dps/
mediationgenie.com
top-endstrollers.com
nunxia.com
whitehorsestone.com
outdoorfurniturevn.com
linary1994.com
portlandsbestdopczeic.com
thespiritbankchecking.com
tannerzaharis.com
lolaelzein.net
wotulove.com
haasjustice.com
humanpossibilitiesfreed.com
libreo.club
xn--onegcio-o0a.com
mysticbali.com
ruhuxue.com
befashionbelts.online
gourmetgrazingplatters.com
basintechnologies.com
Targets
-
-
Target
7426da962e68c5b20a5159ca4e911eee.rtf
-
Size
8KB
-
MD5
7426da962e68c5b20a5159ca4e911eee
-
SHA1
a3a37b190077a308a17ddb82aa545610807f6e8b
-
SHA256
70f35721eb13022a6ae320055bf74d8c3bf688d5cd04c3bea37f6c2e4886d1b3
-
SHA512
e4f398322e4d020efcecea06cd2b3f77c3ce19a62cb4ab983aa7cceb7f9a3a00036057fa9e3cbc31a135b2e241cf6fe9540e260dedc251d9ab92f3843ef991ae
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-