General
-
Target
Refno.191938.xlsx
-
Size
319KB
-
Sample
210504-sz29hyk642
-
MD5
a6ea0794f2791f9f2bdfcdb467122e6b
-
SHA1
83815a1977485c3fabdd49c91926d0482e3b78e1
-
SHA256
db692f9512b08149089a9d7295a04633f22944d87f2bfe53ae00d2c55f7502ca
-
SHA512
8e9d56848c8e9dc03676348ebc0b57b650cfe4a8c61d1d8825b68e7989f29eb83509e9a1d5d35fcdf9e81e1ddcd8ed6a80d7a947e5906965f9d42f89f7d6fc6d
Malware Config
Extracted
formbook
4.1
http://www.kelurahanpatikidul.xyz/op9s/
playsystems-j.one
exchange.digital
usaleadsretrieval.com
mervegulistanaydin.com
heavythreadclothing.com
attorneyperu.com
lamuerteesdulce.com
catxirulo.com
willowrunconnemaras.com
laospecial.com
anchotrading.com
mycreditebook.com
jiujiu.plus
juniperconsulting.site
millionairsmindset.com
coronaviruscuredrugs.com
services-office.com
escanaim.com
20svip.com
pistonpounder.com
Targets
-
-
Target
Refno.191938.xlsx
-
Size
319KB
-
MD5
a6ea0794f2791f9f2bdfcdb467122e6b
-
SHA1
83815a1977485c3fabdd49c91926d0482e3b78e1
-
SHA256
db692f9512b08149089a9d7295a04633f22944d87f2bfe53ae00d2c55f7502ca
-
SHA512
8e9d56848c8e9dc03676348ebc0b57b650cfe4a8c61d1d8825b68e7989f29eb83509e9a1d5d35fcdf9e81e1ddcd8ed6a80d7a947e5906965f9d42f89f7d6fc6d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-