General

  • Target

    O--O.DOC

  • Size

    13KB

  • Sample

    230220-phrxmaad6v

  • MD5

    82d96b88479ceeb946d62e6573871988

  • SHA1

    0ad70340a881c816006885caad3ac1a90a08fc37

  • SHA256

    8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a

  • SHA512

    b426862c17d53d1ba92a08cdd20562a55cb077d7a9082557cf7fcc16042f2d2304551be274ce1d0583a422f4fc6d3e15a24648e0d569659efba7ec4a361b7bcb

  • SSDEEP

    384:jhto8hBmxr8xMFagkNQBDLRiNkgR+3YO7yK9l:jhtrBMImFBiNk6+3Y0XD

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ho62

  • Decoy

    aqawonky.com
    ancachsroadsideassistance.com
    artologycreatlive.com
    olesinfo.africa
    lovebreatheandsleep.com
    friendsofdragonsprings.com
    homecomingmums.wiki
    hg222.bet
    precision-spares.co.uk
    generalhospitaleu.africa
    touchstone4x4.africa
    dynamator.com
    dental-implants-52531.com
    efefear.buzz
    bentonapp.net
    89luxu.com
    bridgesonelm.com
    acesaigon.online
    instantapprovals.loans
    evuniverso.com
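
Formbook embeds a list of domains in its config and beacons to all of them; only one is the live C2 and the rest are decoys, several of them ordinary websites. A single lookup of one domain from the list above is therefore weak evidence, while one client resolving several of them in a short burst is the pattern worth escalating. The following hunting script is an added example and not part of the sandbox report: it takes the extracted decoy list, parses DNS log lines in a hypothetical "<timestamp> <client> query <type> <name>" format (the sample lines are constructed), and flags clients that resolved at least three distinct decoy domains inside a ten-minute window. The log format, field names and thresholds are assumptions to adapt to your own resolver or proxy logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains copied from the extracted Formbook config above (campaign ho62).
DECOY_DOMAINS = [
    "aqawonky.com", "ancachsroadsideassistance.com", "artologycreatlive.com",
    "olesinfo.africa", "lovebreatheandsleep.com", "friendsofdragonsprings.com",
    "homecomingmums.wiki", "hg222.bet", "precision-spares.co.uk",
    "generalhospitaleu.africa", "touchstone4x4.africa", "dynamator.com",
    "dental-implants-52531.com", "efefear.buzz", "bentonapp.net", "89luxu.com",
    "bridgesonelm.com", "acesaigon.online", "instantapprovals.loans",
    "evuniverso.com",
]

# Constructed DNS log lines in a hypothetical "<ts> <client> query <type> <name>" format.
# 10.0.0.5 bursts through four decoys; 10.0.0.9 touches one; 10.0.0.7 touches three
# but hours apart; the last line is deliberately malformed.
SAMPLE_DNS_LOG = """\
2023-02-20T10:00:01Z 10.0.0.5 query A aqawonky.com
2023-02-20T10:00:03Z 10.0.0.5 query A www.olesinfo.africa
2023-02-20T10:00:05Z 10.0.0.9 query A hg222.bet
2023-02-20T10:00:09Z 10.0.0.5 query A bentonapp.net
2023-02-20T10:00:12Z 10.0.0.9 query A www.google.com
2023-02-20T10:01:40Z 10.0.0.5 query A evuniverso.com.
2023-02-20T11:00:00Z 10.0.0.7 query A dynamator.com
2023-02-20T12:30:00Z 10.0.0.7 query A 89luxu.com
2023-02-20T14:00:00Z 10.0.0.7 query A efefear.buzz
this line is malformed and is skipped
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<src>\S+)\s+query\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)


def matches_decoy(qname, decoys=DECOY_DOMAINS):
    """Return the decoy domain that qname equals or is a subdomain of, else None.

    Trailing dots (FQDN form) and case are normalised. A name that merely ends in
    the same characters (notaqawonky.com) is not a match.
    """
    name = qname.rstrip(".").lower()
    for decoy in decoys:
        if name == decoy or name.endswith("." + decoy):
            return decoy
    return None


def parse_line(line):
    """Parse one log line into (timestamp, client, qname); None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("src"), m.group("qname")


def find_hosts_contacting_decoys(lines, decoys=DECOY_DOMAINS, threshold=3,
                                 window=timedelta(minutes=10)):
    """Return {client: sorted decoy domains} for every client that resolved at
    least `threshold` distinct decoy domains within some `window`-long interval.

    The reported domains are those seen in the first window that qualifies.
    """
    per_client = defaultdict(list)          # client -> [(timestamp, decoy), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, qname = rec
        decoy = matches_decoy(qname, decoys)
        if decoy:
            per_client[src].append((ts, decoy))

    flagged = {}
    for src, events in per_client.items():
        events.sort()
        for i, (start, _) in enumerate(events):   # slide the window start over each lookup
            in_window = {d for ts, d in events[i:] if ts - start <= window}
            if len(in_window) >= threshold:
                flagged[src] = sorted(in_window)
                break
    return flagged


if __name__ == "__main__":
    for client, domains in find_hosts_contacting_decoys(SAMPLE_DNS_LOG.splitlines()).items():
        print(f"{client}: {len(domains)} decoy domains in one window -> {', '.join(domains)}")
```

With the constructed log only 10.0.0.5 is flagged: 10.0.0.9 resolved a single decoy and 10.0.0.7 resolved three but spread over hours, which the window excludes unless you widen it.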

Targets

    • Target

      O--O.DOC

    • Formbook

      Formbook is an information stealer: it hooks browser and application APIs to capture submitted form data and credentials, logs keystrokes and clipboard contents, takes screenshots, and can download and execute additional payloads on the infected host.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
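
The signature list above describes a host-side chain: the Office document spawns the VB.NET compiler vbc.exe, a dropped executable runs from a user-writable path, and that executable calls SetThreadContext on another process, the API sequence used for process hollowing. The following script is an added example, not part of the report or of the sandbox's own signature engine. It encodes those behaviours as rules over a process tree built from a hypothetical, constructed event stream (the field names `pid`, `ppid`, `image`, `suspended`, `api`, `target_pid` are my own and do not correspond to any real Sysmon or EDR schema). It also includes two benign controls a detection must not fire on: vbc.exe launched by a Visual Studio build, and a process calling SetThreadContext on one of its own threads.

```python
# Constructed sandbox-style events (hypothetical schema, not a real product's format).
# Events 100..500 and the two API calls model the chain in the signature list;
# events 600..700 and the final API call are benign controls.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "suspended": False},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE", "suspended": False},
    {"type": "process", "pid": 300, "ppid": 200, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "suspended": False},
    {"type": "process", "pid": 400, "ppid": 300, "image": r"C:\Users\user\AppData\Local\Temp\update.exe", "suspended": False},
    {"type": "process", "pid": 500, "ppid": 400, "image": r"C:\Windows\System32\svchost.exe", "suspended": True},
    {"type": "api", "pid": 400, "api": "SetThreadContext", "target_pid": 500},
    {"type": "api", "pid": 400, "api": "ResumeThread", "target_pid": 500},
    {"type": "process", "pid": 600, "ppid": 100, "image": r"C:\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe", "suspended": False},
    {"type": "process", "pid": 700, "ppid": 600, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "suspended": False},
    {"type": "api", "pid": 700, "api": "SetThreadContext", "target_pid": 700},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Compilers and script hosts that Office has no business launching.
SCRIPT_HOSTS = {"vbc.exe", "csc.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def basename(image):
    return image.rsplit("\\", 1)[-1].lower()


def build_tree(events):
    """Index process-creation events by pid."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def ancestors(procs, pid):
    """Yield image basenames of pid's ancestors, nearest first; stops at unknown pids
    and guards against pid reuse creating a cycle."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        pid = procs[pid]["ppid"]
        if pid in procs:
            yield basename(procs[pid]["image"])


def under_office(procs, pid):
    return any(a in OFFICE_APPS for a in ancestors(procs, pid))


def analyze(events):
    """Return (rule_name, pid) findings for the process tree and API calls."""
    procs = build_tree(events)
    findings = []
    for pid, p in procs.items():
        name = basename(p["image"])
        if name in SCRIPT_HOSTS and under_office(procs, pid):
            findings.append(("office_spawned_script_host", pid))
        if any(tag in p["image"].lower() for tag in USER_WRITABLE) and under_office(procs, pid):
            findings.append(("dropped_exe_under_office_tree", pid))
    for e in events:
        if e["type"] != "api" or e["api"] != "SetThreadContext":
            continue
        if e["target_pid"] == e["pid"]:
            continue                       # a process adjusting its own threads is routine
        target = procs.get(e["target_pid"])
        # Hollowing: caller created the target suspended, then rewrites its thread context.
        if target and target["suspended"] and target["ppid"] == e["pid"]:
            findings.append(("hollowing_setthreadcontext", e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in analyze(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The ancestry walk is what keeps the vbc.exe rule useful: matching on "vbc.exe was launched" alone would page on every developer build, while requiring an Office ancestor anywhere in the chain still catches the sample even when it inserts an intermediate process.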

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                           Count  ID
  Execution        Scripting                           1      T1064
  Execution        Exploitation for Client Execution   1      T1203
  Defense Evasion  Scripting                           1      T1064
  Defense Evasion  Modify Registry                     1      T1112
  Discovery        System Information Discovery        3      T1082
  Discovery        Query Registry                      2      T1012

(T1064 Scripting was deprecated after ATT&CK v6; current versions of the framework map this behaviour to T1059 Command and Scripting Interpreter.)

Tasks