General

  • Target

    Confirmation transfer MT103 Ref_008675323.js

  • Size

    342KB

  • Sample

    220921-rwaavageb7

  • MD5

    fb5bd94adf05e82a5cf7a928322d7684

  • SHA1

    916128a1be6377ac07a23281f14952df5b6c18c2

  • SHA256

    68f066d3252585c2776822a48a9e0aa52c066bc8bdd6be03b3f9e27f0e0c098b

  • SHA512

    44be5454b24f9e9cfee04f59e90f0313cfe6cc48989a09dd6857a704d6e045b654c513ff1ac656fa4247ec3369684e926bd290397d32ce33ff00aab0e67d5ebe

  • SSDEEP

    6144:OXaP+gpL6oJyS6iud3zxacILdfyTUUYlni2tjvZg7jp:0amJgOd1acoR1TtjRYp

Malware Config

Extracted

Family

formbook

Campaign

q4k5

Decoy

jQYgo8tIgmIc0mvpRb5x

WvKdh53xC7N4gDV7C595

3NZvdu4YVUEvB7v2l0Tm0SVv

/VRXhfIvRiNV3GOoZZPqieXuTd/oHzo=

iVrRnM8RfE8pow==

p7pocu0vag2HQeAi1Q==

jE3wz8cIIck7DaIRQns7/WM=

idYEkVhfx4USLm44

xQpoZwWMqZQZ0b+uff0=

1u0SiknP4Ls7GLQCxkszuinYzQ==

AVuV9lyovZ0am5kw6fg=

KicecBSZtmieUd7hkUDm0SVv

pMHRHY3n/dVlLQxECMx3

dE8S684NNa9pRNo=

2WKRICBuhDoNkuozMWGBGWPpliRqjw==

UnIpN/4ONxpFwu04CF57Ew==

lzTU5CR1jj6os+3Myg==

WR8IgU/HRPwvtA==

eACJW4jpYgiATdg=

BRYZUYK51HygS5kw6fg=

Targets

    • Formbook

      Formbook is information-stealing malware.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks