General

  • Target

    O_O.DOC

  • Size

    13KB

  • Sample

    230216-1w9kdabh6v

  • MD5

    aedb3953dd70f03351f2cf98ed82e141

  • SHA1

    6610f485d292277a4afc3b91cf09a66b51c68fc4

  • SHA256

    d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b

  • SHA512

    6ad736036664831e313012129123964ebafd192a595282cc3f1b8b47b379d8f12736e0001f1c4f4c16e2a53afa5fe70eca555dc037f8160702c3a093e0c88a49

  • SSDEEP

    192:7PsNGkkB2827ZFZuEHeNs3St0zD+yMUztAVVYXOsxITpg/YqAOiTfQ/j/P:7POCk7DeNs3St25hYgOlq5awjX

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com
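
The decoy list and campaign string above are the parts of the config a defender can act on. The following is an added example (not part of the sandbox report and not Formbook's own code) that hunts proxy logs for beacons to these hosts. It assumes that Formbook uses the campaign string as the first URI path segment of its C2 URL (so beacons look like `http://<host>/ho62/...`), that log lines come in a constructed `timestamp client method url status` format, and that the query keys in the sample lines are placeholders rather than real Formbook parameter names. Because several decoys may be legitimate sites, a domain-only hit is rated low and the campaign path is what lifts a hit to high.

```python
"""Hunt proxy logs for Formbook C2 beacons using the config extracted above.

Added example; not from the sandbox report and not Formbook's code.
Assumptions: (1) the campaign string is the first URI path segment of the
C2 URL; (2) the log format is a constructed "ts client method url status".
"""
import re
from urllib.parse import urlsplit

# Domains from the extracted config (copied from the report above).
CONFIG_DOMAINS = frozenset({
    "aqawonky.com", "ancachsroadsideassistance.com", "artologycreatlive.com",
    "olesinfo.africa", "lovebreatheandsleep.com", "friendsofdragonsprings.com",
    "homecomingmums.wiki", "hg222.bet", "precision-spares.co.uk",
    "generalhospitaleu.africa", "touchstone4x4.africa", "dynamator.com",
    "dental-implants-52531.com", "efefear.buzz", "bentonapp.net", "89luxu.com",
    "bridgesonelm.com", "acesaigon.online", "instantapprovals.loans",
    "evuniverso.com",
})
CAMPAIGN = "ho62"  # "Campaign" field of the extracted config

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_host(host):
    """Lower-case and drop a leading 'www.' so www variants still match."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url):
    """Rate one URL.
    'high'      config domain plus campaign path: a beacon.
    'low'       config domain only: decoys can be real sites, so noisy alone.
    'path-only' campaign path on an unlisted host: the live C2 may have moved.
    None        nothing of interest.
    """
    parts = urlsplit(url)
    host_hit = normalize_host(parts.hostname) in CONFIG_DOMAINS
    path_hit = parts.path.lower().startswith(f"/{CAMPAIGN.lower()}/")
    if host_hit and path_hit:
        return "high"
    if host_hit:
        return "low"
    if path_hit:
        return "path-only"
    return None


def hunt(log_text):
    """Return one dict per matching line; unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        confidence = classify(m["url"])
        if confidence:
            hits.append({**m.groupdict(), "confidence": confidence})
    return hits


# Constructed sample log (not captured from the sample); query keys are
# placeholders, not real Formbook parameter names.
SAMPLE_LOG = """\
2023-02-16T10:01:02Z 10.0.0.21 GET http://www.example.com/ 200
2023-02-16T10:01:05Z 10.0.0.21 GET http://aqawonky.com/ho62/?a=Rj3k&b=YXNk 404
2023-02-16T10:01:06Z 10.0.0.21 POST http://www.hg222.bet/ho62/ 200
2023-02-16T10:02:00Z 10.0.0.33 GET http://precision-spares.co.uk/contact 200
2023-02-16T10:02:11Z 10.0.0.21 GET http://203.0.113.7/ho62/ 200
garbage line that should be ignored
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['confidence']:9} {hit['client']} {hit['method']} {hit['url']}")
```

Run against real proxy exports after adapting `LOG_RE`; the three-tier rating is the point, since alerting on every config domain alone will page you for ordinary visits to whichever decoys are real businesses.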

Targets

    • Target

      O_O.DOC (13KB; hashes identical to those in the General section above)

    • Formbook

      Formbook is a commodity information stealer (form grabber) sold as malware-as-a-service. It harvests credentials saved by browsers and mail clients, logs keystrokes and clipboard contents, captures screenshots and submitted web forms, and can download and execute further payloads. Its configuration carries a list of domains, most of which are decoys contacted alongside the live C2 to blur the real infrastructure; that is why the extracted config above lists twenty hosts.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
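
Three of the behaviour signatures above ("Uses the VBS compiler for execution", "Blocklisted process makes network request", "Executes dropped EXE") translate directly into host telemetry rules. The following is an added example, not from the report or from any vendor tooling, that applies them to Sysmon-style process-create (Event ID 1) and network-connect (Event ID 3) records. It assumes that the "VBS compiler" is vbc.exe, that the .DOC is opened by WINWORD.EXE, that the network blocklist is a site-specific list of images that should never talk to the network, and that the records are constructed dicts carrying only the Sysmon fields used here.

```python
"""Flag the host-side behaviours listed above in Sysmon-style telemetry.

Added example, not from the report or from any vendor tooling. Assumptions:
the "VBS compiler" signature refers to vbc.exe; the .DOC is opened by
WINWORD.EXE; records are constructed dicts shaped like Sysmon Event ID 1
(process create) and Event ID 3 (network connect) exported to JSON, carrying
only the fields used here.
"""
import ntpath

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Site-specific blocklist of images that should never open network
# connections; vbc.exe is included because Formbook commonly injects into it.
NET_BLOCKLIST = {"vbc.exe", "regsvcs.exe", "regasm.exe", "msbuild.exe"}
# User-writable locations where a dropped executable typically lands.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def base(image):
    """Lower-cased file name of an image path (Sysmon paths are Windows style)."""
    return ntpath.basename(image or "").lower()


def evaluate(events):
    """Return (rule, pid, detail) tuples. Events must be in time order, so a
    pid's process-create record is seen before its network or child records."""
    image_by_pid = {}
    suspicious_pids = set()
    findings = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 1:
            img = base(ev["Image"])
            parent = base(ev.get("ParentImage"))
            ppid = ev.get("ParentProcessId")
            image_by_pid[pid] = img
            # "Uses the VBS compiler for execution": Office spawning vbc.exe
            if img == "vbc.exe" and parent in OFFICE_IMAGES:
                findings.append(("vbs_compiler_from_office", pid, ev["Image"]))
                suspicious_pids.add(pid)
            # "Executes dropped EXE": binary run from a drop directory by an
            # Office process or by something already flagged in this chain
            in_drop_dir = any(d in ev["Image"].lower() for d in DROP_DIRS)
            if in_drop_dir and (parent in OFFICE_IMAGES or ppid in suspicious_pids):
                findings.append(("dropped_exe", pid, ev["Image"]))
                suspicious_pids.add(pid)
        elif ev["EventID"] == 3:
            # "Blocklisted process makes network request"
            img = image_by_pid.get(pid) or base(ev.get("Image"))
            if img in NET_BLOCKLIST:
                dest = f"{ev['DestinationIp']}:{ev['DestinationPort']}"
                findings.append(("blocklisted_process_network", pid, dest))
                suspicious_pids.add(pid)
    return findings


WINWORD = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
VBC = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"

# Constructed telemetry (not captured from the sample).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 1800,
     "Image": WINWORD, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "ProcessId": 4212, "ParentProcessId": 4100,
     "Image": VBC, "ParentImage": WINWORD},
    {"EventID": 3, "ProcessId": 4212, "Image": VBC,
     "DestinationIp": "203.0.113.7", "DestinationPort": 80},
    {"EventID": 1, "ProcessId": 4300, "ParentProcessId": 4212,
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\o_o.exe", "ParentImage": VBC},
    {"EventID": 1, "ProcessId": 4400, "ParentProcessId": 900,
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
    {"EventID": 3, "ProcessId": 4400, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, pid, detail in evaluate(SAMPLE_EVENTS):
        print(f"{rule:30} pid={pid} {detail}")
```

The ancestry tracking matters: a binary launched from %TEMP% is common for installers, so the dropped-EXE rule only fires when its parent is an Office process or a process this chain already flagged. The SetThreadContext signature is not modelled here because Sysmon does not record thread-context changes; that one needs an EDR hook or kernel callback telemetry.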

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                           Signature hits   ID
  Execution        Scripting                           1                T1064
  Execution        Exploitation for Client Execution   1                T1203
  Defense Evasion  Scripting                           1                T1064
  Defense Evasion  Modify Registry                     1                T1112
  Discovery        System Information Discovery        3                T1082
  Discovery        Query Registry                      2                T1012

The identifiers are ATT&CK v6 IDs. T1064 (Scripting) was deprecated in ATT&CK v7; its behaviour is covered today by T1059 (Command and Scripting Interpreter) and its sub-techniques, so re-map it before feeding these IDs into current tooling.

Tasks