General

  • Target

    1909373834 MT103 Credit.doc

  • Size

    8KB

  • Sample

    221102-p3q6tsbhe9

  • MD5

    ceb36f9dc6ae24ffb3019eb72dfe1f53

  • SHA1

    e0e4b1a3f189d56a6eb7c59d652f306dc80f0b1f

  • SHA256

    f2240d7110ea73727c00173cd8d1b72ce49f2977c2d7e510881e9ea2b6913976

  • SHA512

    d93f73de7e195adbfb2a77b44fa508803ac3ab39e5c31ca84b80b453f3cadb298ccaf17e75d62a8bb33e08a39a45084a9216979d81283f5e99035665b35855f9

  • SSDEEP

    192:O1mdcYrKA7D9ZEV8e4pLrBJ6/k+UAbyYDbu9mekzpc:3Kw1JB1J685gyYDbu9mZ6

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    d06c

  • Decoy


Targets

    • Target

      1909373834 MT103 Credit.doc

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from the infected host.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Exploitation for Client Execution (T1203): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks