General
-
Target
SwiftMessage.doc
-
Size
43KB
-
Sample
230421-s6g9wage54
-
MD5
14c31fd8c008c96358a9154f9751406e
-
SHA1
f49031150b588c448b6d5663404719da7670b542
-
SHA256
6b17b0af347d89c833d2eabe697bbd42b2b5741a628eaf43dcfcdba128df109e
-
SHA512
c8a9b63073bd53111744f89805f21da1a0b234ec45521869bb4d8d46db8dbe509dc9d4a2059f9ad54c826aecc2643a19a1bdc9f6a9b104c02aee38682e69134f
-
SSDEEP
768:TFx0XaIsnPRIa4fwJM7jbsCNNjnF69gdocvFXRt9ftUsfzOfnp0d3T2:Tf0Xvx3EM7jbsKnFbvXRXftUsLAnCd3i
Malware Config
Extracted
formbook
4.1
tf6p
poolcleanerskingsland.com
nieveslandscapee.com
wb263.com
smartlubetrading.com
linuowen.com
fna-seattle.com
jobgenie-ai.com
mycocktailmind.com
openai-invite.com
tnndjf5kyxz.com
mclane.attorney
somwear.xyz
spliffstudios.com
grupofaace.com
wuuwo.com
bigtimerushcharlotte.com
yourercchecks.com
arportablepottyrentals.biz
sbtsanantonio.com
explantationsbegleitung.com
Targets
-
-
Target
SwiftMessage.doc
-
Size
43KB
-
MD5
14c31fd8c008c96358a9154f9751406e
-
SHA1
f49031150b588c448b6d5663404719da7670b542
-
SHA256
6b17b0af347d89c833d2eabe697bbd42b2b5741a628eaf43dcfcdba128df109e
-
SHA512
c8a9b63073bd53111744f89805f21da1a0b234ec45521869bb4d8d46db8dbe509dc9d4a2059f9ad54c826aecc2643a19a1bdc9f6a9b104c02aee38682e69134f
-
SSDEEP
768:TFx0XaIsnPRIa4fwJM7jbsCNNjnF69gdocvFXRt9ftUsfzOfnp0d3T2:Tf0Xvx3EM7jbsKnFbvXRXftUsLAnCd3i
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-