General
-
Target
srr.doc
-
Size
12KB
-
Sample
230208-1dyp6aga91
-
MD5
77c476f9668b541aa928996c984e8708
-
SHA1
1a72dbdd46449c2b209ce4cb15f355ad2cec0d35
-
SHA256
2354d413698648237984061bb9d82b2a12152c6109d6aa2694183ebff45f5ffc
-
SHA512
793f535d07263462bd9f5400dab367fd6cf5bacff88eadfd5a3541f5c72e31410d21f55bff40fa711096a04ecc1d857ebede44b5318f0b2046b445ccaca5fae0
-
SSDEEP
384:Jxx5tRJcEfynlp8qI7jSGakLjGlTuRGGw0LOg+2:XNcEfQpGj3ayGduRGl0b
Malware Config
Extracted
formbook
dcn0
ZVx68vDtAMBCwg==
oBMBvsNORkM/O/ox
Ff9pISWkm6eG4lByIspp
c2T42c6CIIF6B8xTxm9XzpVw
bvjhxRbnAC183w==
0lTttSNG4HUDNflyIspp
hPXFlstqiHA/O/ox
WLR+MeerxZ0cNn1ja+IQAYo=
IHRn4xXOVKi477zarG+ObSy7YJA=
Xhf3e+tdAC183w==
Xk0ZAezv2rWH
kngo+vBeSRN7AszNwam3Osmguuqc0MoC
a2Qp7a+E8fSw7LDjpnqEKjsRZA==
3zjy4E7+QM48wg==
YcCmqT3OUNAigVott2pBKiy7YJA=
4+SMeX1juat/5cZ1AZihcyy7YJA=
/+m7sro0OBTl3TMpCw==
i2ctEfe4//a64yklMsgS2J90
+loZ2QKGX0UWgpvErMs=
b9BNCnJWQJS8IfsR0uR3bCy7YJA=
Targets
-
-
Target
srr.doc
-
Size
12KB
-
MD5
77c476f9668b541aa928996c984e8708
-
SHA1
1a72dbdd46449c2b209ce4cb15f355ad2cec0d35
-
SHA256
2354d413698648237984061bb9d82b2a12152c6109d6aa2694183ebff45f5ffc
-
SHA512
793f535d07263462bd9f5400dab367fd6cf5bacff88eadfd5a3541f5c72e31410d21f55bff40fa711096a04ecc1d857ebede44b5318f0b2046b445ccaca5fae0
-
SSDEEP
384:Jxx5tRJcEfynlp8qI7jSGakLjGlTuRGGw0LOg+2:XNcEfQpGj3ayGduRGl0b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-