General
-
Target
1 payment cash Deposit.doc
-
Size
1.8MB
-
Sample
230322-xm276aag42
-
MD5
eda174e3f27c80dcd19abfb5400c50d9
-
SHA1
14002d710bb0fc29a8103d3909c542e680020f63
-
SHA256
d6f3694d7c009f73f53fa28d77a65eafd3ae19c9d219982a71f150c514a86584
-
SHA512
9f6f9d61bc3de47b155d3d3aeed8044fe1b2951ea4ac89402e2dcf3decf991888ed28afb72e79c41abbc584ea51be98c08bc520aadb6531bb63ed77283e058e4
-
SSDEEP
24576:oyNh+vkSpIGa2e761oZziemHIYQGohgxg3je6H3qPwHDaw/oKmDJ9QZEpJqiLq38:y
Malware Config
Extracted
formbook
4.1
bn26
juweipai.com
assurance-mon-espace-sante.com
robqq.com
ablindear.com
socialmonkeys.co.uk
learningworldtech.com
imprese-it.com
themoodcollectives.africa
lutonmethodists.org.uk
castawaycovebnb.com
caronthemove.com
carolinacastro.uk
dcfashionweekintl.com
branchbasicsa.com
drpatrickakinsanya.africa
inventourownfuture.com
applege.top
whatamitiredof.com
daphan.pics
gardenstatevinyl.net
Targets
-
-
Target
1 payment cash Deposit.doc
-
Size
1.8MB
-
MD5
eda174e3f27c80dcd19abfb5400c50d9
-
SHA1
14002d710bb0fc29a8103d3909c542e680020f63
-
SHA256
d6f3694d7c009f73f53fa28d77a65eafd3ae19c9d219982a71f150c514a86584
-
SHA512
9f6f9d61bc3de47b155d3d3aeed8044fe1b2951ea4ac89402e2dcf3decf991888ed28afb72e79c41abbc584ea51be98c08bc520aadb6531bb63ed77283e058e4
-
SSDEEP
24576:oyNh+vkSpIGa2e761oZziemHIYQGohgxg3je6H3qPwHDaw/oKmDJ9QZEpJqiLq38:y
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-