General
-
Target
QUOTATION#1100630004R2.doc
-
Size
54KB
-
Sample
210726-g114rbxz6n
-
MD5
a3336f2a85c572aab40243c347ebfe59
-
SHA1
f6b300530f6d294ea005b13ec08d881c9651f8af
-
SHA256
9604fbb0d387877ea857295c8b350e75d5adedc3907bc25f19baf16fff3b0d05
-
SHA512
b4a02c7df3537f861429346bd2813de9f89cdb18fb867b8f9eb140d6e2d190bf1a9ff33302e919c111b1e379ef09840c8c1c8289d7fb20fbe2fff4268ea085cf
Malware Config
Extracted
formbook
4.1
http://www.containerflippers.com/np0c/
spartansurebets.com
threelakestradingco.com
metaspace.global
zjenbao.com
directlyincluded.press
peterchadri.com
learnhousebreaking.com
wonobattle.online
leadate.com
shebafarmscali.com
top4thejob.online
awakeyourfaith.com
bedford-st.com
lolwhats.com
cucurumbel.com
lokalbazaar.com
matter.pro
eastcountyanimalrescue.com
musesgirl.com
noordinarydairy.com
Targets
-
-
Target
QUOTATION#1100630004R2.doc
-
Size
54KB
-
MD5
a3336f2a85c572aab40243c347ebfe59
-
SHA1
f6b300530f6d294ea005b13ec08d881c9651f8af
-
SHA256
9604fbb0d387877ea857295c8b350e75d5adedc3907bc25f19baf16fff3b0d05
-
SHA512
b4a02c7df3537f861429346bd2813de9f89cdb18fb867b8f9eb140d6e2d190bf1a9ff33302e919c111b1e379ef09840c8c1c8289d7fb20fbe2fff4268ea085cf
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-