General
-
Target
invoice12124.docx
-
Size
10KB
-
Sample
210524-6hep92cb7x
-
MD5
cbac500e2b86a16aa9b69b383db5e0e3
-
SHA1
9c9ba06bf5beb997e91a6b802dbed8e031e0b4f0
-
SHA256
e8b956100179eb1c542cedd9f78bb8b9c9c89e5b1040aefdc65619756b0da8fd
-
SHA512
15897af59d8e85e589f15339565e3cbedb95807c50d13c0cd5c32a9e99157335f3551bf1c4a57dcde322e04703a8e0a1a419ae9388a6a9d8ec346c7fdd94764d
Malware Config
Extracted
http://198.46.132.185/..-.-.-......................................................-...-/........................................................wbk
Extracted
formbook
4.1
http://www.unclechef.website/pmc/
poolbuilderhighlandpark.com
zgqcmrdswlw.com
rivalrepublic.net
vowseries.com
papmbeachcountymusic.com
unitedmarguisa.com
sparetimr.net
mmmfccynp.icu
blossom123.com
rkd6.com
luewhhedre.com
rwproducedeliveryknoxville.com
bqg5000.com
xn--jvrr98g37n88d.com
15slotozlo.site
experthairstylist.site
udalastar.com
avenstoredetailing.com
americanmicron.com
fineprintlaw.com
Targets
-
-
Target
invoice12124.docx
-
Size
10KB
-
MD5
cbac500e2b86a16aa9b69b383db5e0e3
-
SHA1
9c9ba06bf5beb997e91a6b802dbed8e031e0b4f0
-
SHA256
e8b956100179eb1c542cedd9f78bb8b9c9c89e5b1040aefdc65619756b0da8fd
-
SHA512
15897af59d8e85e589f15339565e3cbedb95807c50d13c0cd5c32a9e99157335f3551bf1c4a57dcde322e04703a8e0a1a419ae9388a6a9d8ec346c7fdd94764d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-