PROFORMA INVOICE.doc__.rtf

General
Target

PROFORMA INVOICE.doc__.rtf

Size

236KB

Sample

211021-wkp95sbeal

Score
10/10
MD5

4894c7f281ca84866cdafa19c52c734d

SHA1

23dfaf317b8a82107ef2f2906d37a0aa8b85d828

SHA256

14cfd6340c189704a9d65b0d3c9aa8472119d30987296c1d04bc225ea0f9891d

SHA512

fb44d35335238450f90263a8c2c9264fc0d22e76c3eef4517eb27b6408f9686edad968461ce73ad4ca9fe93e68644dcebc7883944594e6faf62bdbb6a3a70ef7

Malware Config

Extracted

Family formbook
Version 4.1
Campaign ed9s
C2

http://www.vaughnmethod.com/ed9s/

Decoy

pocketoptioniraq.com

merabestsolutions.com

atelectronics.site

fuxueshi.net

infinitystay.com

forensicconcept.site

txpmachine.com

masterwhs.xyz

dia-gnwsis.art

fulltiltnodes.com

bigbnbbsc.com

formation-figma.com

bonanacroin.net

medicalmarijuanasatx.com

bagnavy.com

aaegiscares.net

presentationpublicschool.com

bestyousite.site

prescriptionn.com

beyondthenormbouquets.com

sinclairsparkes.com

yesterdayglass.com

lj-safe-keepinganwgt76.xyz

winlegends.com

perthvideoproduction.com

sgh.technology

athletik.biz

cardealergame.com

ugkhmel.xyz

4346emerald.com

soulconstructionservices.com

dalmac-nj.com

marylink.net

gentciu.com

insidecity.company

wensum-creations.com

frontwonline.com

8xovz.xyz

pickaxecoffee.com

stonezhang.top

markmra1995.site

valleysettlewash.top

canadabulkmushrooms.com

shiningoutdoors.com

elysiarv.xyz

artoidmode.com

whileloading.com

crgcatherine.com

usa111.com

tourmalinesepiapirole.info
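
The extracted config above is the useful part of this report for a defender: Formbook ships one real C2 (here `http://www.vaughnmethod.com/ed9s/`, the path being the campaign id) together with a long list of decoy domains, and an infected host sprays check-ins at the decoys as well as the real C2 to hide which one matters. The decoys themselves are ordinary, mostly legitimate sites, so blocking them outright causes false positives; the indicator is the campaign path, and the real signal is one client touching several of them. The script below is an added example, not part of the sandbox report or of any Formbook tooling: it copies the C2 host, campaign id and decoy list from the config above, and runs them over constructed proxy log lines (the log format and every line are invented for illustration) to separate real check-ins, decoy check-ins and harmless browsing.

```python
"""Hunt for Formbook check-in traffic in HTTP proxy logs using the C2 URL and
decoy domains extracted from this sample.

Added example, not part of the sandbox report. The C2 host, campaign id and
decoy list are copied from the "Malware Config" section of the report; the
log format and every log line below are constructed for illustration.
"""
from urllib.parse import urlsplit

CAMPAIGN_PATH = "/ed9s/"        # campaign id "ed9s" from the report
C2_HOST = "vaughnmethod.com"    # report lists http://www.vaughnmethod.com/ed9s/
DECOY_HOSTS = {
    "pocketoptioniraq.com", "merabestsolutions.com", "atelectronics.site",
    "fuxueshi.net", "infinitystay.com", "forensicconcept.site",
    "txpmachine.com", "masterwhs.xyz", "dia-gnwsis.art", "fulltiltnodes.com",
    "bigbnbbsc.com", "formation-figma.com", "bonanacroin.net",
    "medicalmarijuanasatx.com", "bagnavy.com", "aaegiscares.net",
    "presentationpublicschool.com", "bestyousite.site", "prescriptionn.com",
    "beyondthenormbouquets.com", "sinclairsparkes.com", "yesterdayglass.com",
    "lj-safe-keepinganwgt76.xyz", "winlegends.com", "perthvideoproduction.com",
    "sgh.technology", "athletik.biz", "cardealergame.com", "ugkhmel.xyz",
    "4346emerald.com", "soulconstructionservices.com", "dalmac-nj.com",
    "marylink.net", "gentciu.com", "insidecity.company",
    "wensum-creations.com", "frontwonline.com", "8xovz.xyz",
    "pickaxecoffee.com", "stonezhang.top", "markmra1995.site",
    "valleysettlewash.top", "canadabulkmushrooms.com", "shiningoutdoors.com",
    "elysiarv.xyz", "artoidmode.com", "whileloading.com", "crgcatherine.com",
    "usa111.com", "tourmalinesepiapirole.info",
}

# Constructed sample log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2021-10-21T09:12:01Z 10.0.0.15 GET http://www.vaughnmethod.com/ed9s/ 200
2021-10-21T09:12:03Z 10.0.0.15 GET http://fuxueshi.net/ed9s/ 404
2021-10-21T09:12:05Z 10.0.0.15 GET http://bigbnbbsc.com/ed9s/ 200
2021-10-21T09:13:10Z 10.0.0.22 GET http://bigbnbbsc.com/index.html 200
2021-10-21T09:14:00Z 10.0.0.31 GET http://www.example.org/ed9s/ 200
2021-10-21T09:15:00Z 10.0.0.40 GET http://winlegends.com/ed9s/ 200
"""


def normalize_host(netloc: str) -> str:
    """Lowercase, drop a port, and drop a leading 'www.' so that
    'WWW.vaughnmethod.com:80' and 'vaughnmethod.com' compare equal.
    (Hostnames and IPv4 only; bracketed IPv6 literals are not handled.)"""
    host = netloc.lower().split(":")[0]
    return host[4:] if host.startswith("www.") else host


def classify(host: str, path: str) -> str:
    """Label one request against the extracted config.

    c2_checkin     real C2 under the campaign path: confirmed beacon
    c2_host_other  real C2 host, different path: investigate, may be a
                   compromised legitimate site serving normal content
    decoy_checkin  campaign path on a decoy: the bot spraying noise around
                   its real C2, so still evidence of infection
    decoy_other    ordinary traffic to a decoy domain: not an indicator
    path_only      campaign path on an unlisted host: possible newer config
    clean          nothing matched
    """
    host = normalize_host(host)
    on_campaign_path = path.startswith(CAMPAIGN_PATH)
    if host == C2_HOST:
        return "c2_checkin" if on_campaign_path else "c2_host_other"
    if host in DECOY_HOSTS:
        return "decoy_checkin" if on_campaign_path else "decoy_other"
    return "path_only" if on_campaign_path else "clean"


def parse_line(line: str):
    """Parse one constructed log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    u = urlsplit(url)
    return {"ts": ts, "client": client, "method": method,
            "host": u.netloc, "path": u.path or "/", "status": status}


def scan(log_text: str) -> list:
    """Return every non-clean request with its verdict attached."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["verdict"] = classify(rec["host"], rec["path"])
        if rec["verdict"] != "clean":
            findings.append(rec)
    return findings


def infected_clients(findings) -> set:
    """Flag a client that hit the real C2 on the campaign path, or hit the
    campaign path on at least two distinct decoys (one decoy hit alone is
    left as a lead, not a verdict)."""
    hits = {}
    for f in findings:
        if f["verdict"] == "c2_checkin":
            hits.setdefault(f["client"], set()).add("c2")
        elif f["verdict"] == "decoy_checkin":
            hits.setdefault(f["client"], set()).add(normalize_host(f["host"]))
    return {c for c, s in hits.items() if "c2" in s or len(s) >= 2}


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f['client']:<10} {f['verdict']:<14} {f['host']}{f['path']}")
    print("infected:", sorted(infected_clients(results)))
```

On the constructed log, 10.0.0.15 is flagged (real C2 plus two decoys on `/ed9s/`), 10.0.0.22 is ignored (plain browsing to a decoy site), 10.0.0.31 surfaces as a `path_only` lead, and 10.0.0.40 stays below the threshold with a single decoy hit. Thresholds and the decision to treat `c2_host_other` as investigate rather than alert are choices made here for the example, not something the report states.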

Targets
Target

PROFORMA INVOICE.doc__.rtf

MD5

4894c7f281ca84866cdafa19c52c734d

Filesize

236KB

Score
10/10
SHA1

23dfaf317b8a82107ef2f2906d37a0aa8b85d828

SHA256

14cfd6340c189704a9d65b0d3c9aa8472119d30987296c1d04bc225ea0f9891d

SHA512

fb44d35335238450f90263a8c2c9264fc0d22e76c3eef4517eb27b6408f9686edad968461ce73ad4ca9fe93e68644dcebc7883944594e6faf62bdbb6a3a70ef7

Tags

Signatures

  • Formbook

    Description

    Formbook is an information stealer that logs keystrokes, harvests saved credentials and form data from browsers and mail clients, and captures clipboard contents and screenshots, reporting over HTTP to a C2 whose real address is hidden in its configuration among a long list of decoy domains (the Decoy list above).

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    Suricata alert from the Emerging Threats (ET) ruleset for a FormBook command-and-control check-in sent as an HTTP GET request.

    Tags

  • Formbook Payload

    Tags

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral2

1/10