General
-
Target
Reliance Trading Pvt. Ltd. List.docx
-
Size
10KB
-
Sample
210624-1myan5sx2x
-
MD5
8312b5bab2f19b01e2a1a12744a7464e
-
SHA1
076df8e460f965cd7b30fb07cdd06e90654417ec
-
SHA256
2bb1e6d0bcc6af940f0835a269b1ad99f8420207ba2f87c6f789219f8186559f
-
SHA512
5236b8461c9bb6af273c85f26905552a06977a1d58f2ff104f416bae996d3838b4ca76b037716aeb39936de0c79854e88c58cca5c17362e9836ccd097879e5f1
Malware Config
Extracted
http://198.12.91.160/--...........................................------..................--------/......................wiz
Extracted
formbook
4.1
http://www.mpaiji.com/c244/
ssgasija.com
procyoon.com
mood-street-food.com
yeglifeview.com
baoyai.com
sundarsheni.com
notoli.photography
sweetape.com
ergas.group
asyrill.com
jin188v.com
stlazarushospitalnola.com
dohertyfamily5.com
duniaclubs.club
ngobryles.com
scottsavocasalon.com
unifiui.com
baileyfred.com
nabiagency.com
alyssaternanphotography.com
Targets
-
-
Target
Reliance Trading Pvt. Ltd. List.docx
-
Size
10KB
-
MD5
8312b5bab2f19b01e2a1a12744a7464e
-
SHA1
076df8e460f965cd7b30fb07cdd06e90654417ec
-
SHA256
2bb1e6d0bcc6af940f0835a269b1ad99f8420207ba2f87c6f789219f8186559f
-
SHA512
5236b8461c9bb6af273c85f26905552a06977a1d58f2ff104f416bae996d3838b4ca76b037716aeb39936de0c79854e88c58cca5c17362e9836ccd097879e5f1
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-