General
-
Target
GMC_24012022.doc
-
Size
2.2MB
-
Sample
220125-k6rjjsche5
-
MD5
c6a05784a4d3f27b85ad311e8dd64607
-
SHA1
7bd8a297f3a95fa6e6b756094785d90d11f26099
-
SHA256
d9867bff3beee631dde942e6425b7ef4edce67b251453d360e71ec655b929bc9
-
SHA512
49539dfd171214c3d48f2447d6e138724b8de40e215365430208207fb6f524d8eac32386a1eb48d49f686a85c9a6bd0f374f75e815f0f0ed41eaa42f3de02f4d
Malware Config
Extracted
formbook
4.1
dt23
acresyetthrow.xyz
botoxforchronicmigraine.com
bulletproofrzr.com
curiaegroup.com
7seasvisas.com
dofastig.com
xu6gfskoedlj.xyz
indoorindia.com
cinejunky.xyz
projectsunshine.info
wefmans.com
gv3f9asm.xyz
couriergbblogistics.com
tcd-ussf.com
ssmgk.com
beeyou-photography.com
agulhanopalheirobrecho.xyz
damlacreative.xyz
businessinvestmentcanada.today
makingwavesbyterra.com
Targets
-
-
Target
GMC_24012022.doc
-
Size
2.2MB
-
MD5
c6a05784a4d3f27b85ad311e8dd64607
-
SHA1
7bd8a297f3a95fa6e6b756094785d90d11f26099
-
SHA256
d9867bff3beee631dde942e6425b7ef4edce67b251453d360e71ec655b929bc9
-
SHA512
49539dfd171214c3d48f2447d6e138724b8de40e215365430208207fb6f524d8eac32386a1eb48d49f686a85c9a6bd0f374f75e815f0f0ed41eaa42f3de02f4d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Formbook Payload
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-