General
-
Target
Payment Confirmation.doc
-
Size
57KB
-
Sample
210723-jvq3fjy6ca
-
MD5
88b8c238ca748c1b5c056364acac3336
-
SHA1
cf99d9a1d8252b87797124561a08d35a4f254946
-
SHA256
769f5f59dbd758fbad94b0b7fb84afd003f87b00e5991a239ecd562c51ee991f
-
SHA512
26b850ab74da2cae5739d67d277b73db1e9a0cc48b4cfb3442465de0004212735012e74ede837d763112718853abe3b513358a3de9e6e7fd86cf2d9d18058c84
Malware Config
Extracted
formbook
4.1
http://www.meilleurspromo.com/lmsa/
functionalkitchen.net
jiangxichuangke.com
lonerkont.space
champcarfanatics.com
csillag-szuletik.info
jupitowatch.com
lmcomputer.net
alfawize.com
mouthconsults.com
gruppolarta.com
gaymyway.com
bostonpeach.com
bioclean.pro
thingsandotherstuff.com
gencmetals.com
cwivf.com
nbhgddfgggnhhmhln.com
myscoutinglife.com
ccubk.com
cheapfloatingrentals.com
Targets
-
-
Target
Payment Confirmation.doc
-
Size
57KB
-
MD5
88b8c238ca748c1b5c056364acac3336
-
SHA1
cf99d9a1d8252b87797124561a08d35a4f254946
-
SHA256
769f5f59dbd758fbad94b0b7fb84afd003f87b00e5991a239ecd562c51ee991f
-
SHA512
26b850ab74da2cae5739d67d277b73db1e9a0cc48b4cfb3442465de0004212735012e74ede837d763112718853abe3b513358a3de9e6e7fd86cf2d9d18058c84
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-