General

  • Target

    NOTAFISCAL-NFI3713.xls

  • Size

    1.4MB

  • Sample

    230718-g267nahd4z

  • MD5

    922a4fe9ed2f9ad14b6b13e1a414c17b

  • SHA1

    25011371b68b8755daf8ce768ef07b17c9049b15

  • SHA256

    3d408327065ceea0baf658a2a718d879d16a84ff9a07336e7a705cf3d874e630

  • SHA512

    93819827020824ca0122eea8ce11819af73f8d8e3d4d56bada63274828df126957bb6c4d2eff00b9cf804e864f5d43017eba85e7b920ae09c90c763b8c36946d

  • SSDEEP

    24576:bpu9VNZylw6VSOZyHw6VleHBlEzp7uyR0bgcwyA52CcP5YwVux:bpuPR6VSYj6V8hOzagjyPP5Yj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms14

Decoy

adjoinstaff.online

kmmdznky.cfd

keyviewgroup.com

kidomarketing.com

jroxtqpq.cfd

jdevmx.com

genqaagz.cfd

1cdpwp.cfd

francegoldvip.com

2qy218.xyz

peterscanner.com

trullys.com

aniwatch.top

windyhillcnc.com

pokazhu.com

r74jsy.cfd

paulgadgets.com

lindanewtee.com

lasik-de-de-8808230.zone

critone.site

Targets

    • Target

      NOTAFISCAL-NFI3713.xls

    • Size

      1.4MB

    • MD5

      922a4fe9ed2f9ad14b6b13e1a414c17b

    • SHA1

      25011371b68b8755daf8ce768ef07b17c9049b15

    • SHA256

      3d408327065ceea0baf658a2a718d879d16a84ff9a07336e7a705cf3d874e630

    • SHA512

      93819827020824ca0122eea8ce11819af73f8d8e3d4d56bada63274828df126957bb6c4d2eff00b9cf804e864f5d43017eba85e7b920ae09c90c763b8c36946d

    • SSDEEP

      24576:bpu9VNZylw6VSOZyHw6VleHBlEzp7uyR0bgcwyA52CcP5YwVux:bpuPR6VSYj6V8hOzagjyPP5Yj

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service: it harvests credentials from browsers and mail clients, logs keystrokes and clipboard contents, and captures screenshots. Its embedded configuration lists decoy domains that are contacted alongside the real C2 (see the Decoy list above), so no single domain from the list can be assumed to be the live C2.

    • Guloader,Cloudeye

      GuLoader (also tracked as CloudEye) is a shellcode-based downloader first seen in 2020. It fetches an encrypted second-stage payload, typically from cloud file hosting, decrypts it in memory and runs it, and is known for its anti-debugging and anti-VM checks; in this chain it is the stage that delivers Formbook.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
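
The behaviour signatures above are derived from the API trace the sandbox records. As an added illustration, not the sandbox's own signature engine, the following Python re-derives most of them from a small constructed trace (one dict per API call with pid, process name, API name and arguments). The event contents, the QEMU agent path, the Office "blocklisted" process set and the set of network APIs are assumptions; the Windows constants are documented values: THREADINFOCLASS ThreadHideFromDebugger is 0x11, the NtCreateThreadEx hide-from-debugger CreateFlags bit is 0x4, and CREATE_SUSPENDED is 0x4. SetThreadContext is flagged only when it targets a child the trace created suspended, which is the process-hollowing pattern behind the last signature.

```python
"""Re-derive this report's behavioural signatures from a sandbox API trace.

Added example, not code from the sandbox that produced the page. Trace format
and event contents are constructed; Windows constants are documented values.
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11             # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit
CREATE_SUSPENDED = 0x4                       # CreateProcess dwCreationFlags bit
OFFICE_PROCS = {"excel.exe", "winword.exe"}  # assumption: the "blocklisted" process set
NETWORK_APIS = {"InternetOpenUrlA", "InternetOpenUrlW", "URLDownloadToFileW"}

# Constructed trace mirroring the chain in this report: the XLS (via EXCEL.EXE)
# probes for the QEMU guest agent, downloads a PE, drops and runs it; the
# dropped stage hides threads from the debugger and hollows a suspended child.
SAMPLE_TRACE = [
    {"pid": 100, "proc": "EXCEL.EXE", "api": "NtCreateFile",
     "args": {"FileName": r"C:\Program Files\Qemu-ga\qemu-ga.exe"}},  # path assumed
    {"pid": 100, "proc": "EXCEL.EXE", "api": "InternetOpenUrlA",
     "args": {"Url": "http://example.invalid/enc.bin"}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "InternetReadFile",
     "args": {"Data": "4d5a90000300000004000000ffff0000"}},  # hex of the response head
    {"pid": 100, "proc": "EXCEL.EXE", "api": "WriteFile",
     "args": {"FileName": r"C:\Users\Public\nf.exe"}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "CreateProcessW",
     "args": {"ApplicationName": r"C:\Users\Public\nf.exe", "CreationFlags": 0x0,
              "ChildPid": 200}},
    {"pid": 200, "proc": "nf.exe", "api": "WriteFile",
     "args": {"FileName": r"C:\Users\Public\helper.dll"}},
    {"pid": 200, "proc": "nf.exe", "api": "LoadLibraryW",
     "args": {"FileName": r"C:\Users\Public\helper.dll"}},
    {"pid": 200, "proc": "nf.exe", "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"pid": 200, "proc": "nf.exe", "api": "NtCreateThreadEx",
     "args": {"CreateFlags": 0x4}},
    {"pid": 200, "proc": "nf.exe", "api": "CreateProcessW",
     "args": {"ApplicationName": r"C:\Windows\System32\svchost.exe",
              "CreationFlags": CREATE_SUSPENDED, "ChildPid": 300}},
    {"pid": 200, "proc": "nf.exe", "api": "WriteProcessMemory", "args": {"TargetPid": 300}},
    {"pid": 200, "proc": "nf.exe", "api": "SetThreadContext", "args": {"TargetPid": 300}},
]


def scan(events):
    """Return the report's signature names, in order of first match, for a trace."""
    hits = []
    dropped = set()    # file paths written by any process earlier in the trace
    suspended = set()  # child pids created with CREATE_SUSPENDED

    def hit(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        api, args, proc = ev["api"], ev["args"], ev["proc"].lower()
        if api == "NtCreateFile" and "qemu-ga" in args.get("FileName", "").lower():
            hit("Checks QEMU agent file")
        if api in NETWORK_APIS and proc in OFFICE_PROCS:
            hit("Blocklisted process makes network request")
        if api == "InternetReadFile" and args.get("Data", "").lower().startswith("4d5a"):
            hit("Downloads MZ/PE file")  # response begins with the "MZ" DOS header
        if api == "WriteFile":
            dropped.add(args["FileName"].lower())
        if api == "CreateProcessW":
            path = args["ApplicationName"].lower()
            if path in dropped and path.endswith(".exe"):
                hit("Executes dropped EXE")
            if args.get("CreationFlags", 0) & CREATE_SUSPENDED:
                suspended.add(args["ChildPid"])
        if api == "LoadLibraryW" and args.get("FileName", "").lower() in dropped:
            hit("Loads dropped DLL")
        if (api == "NtSetInformationThread"
                and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger")
        if (api == "NtCreateThreadEx"
                and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtCreateThreadExHideFromDebugger")
        if api == "SetThreadContext" and args.get("TargetPid") in suspended:
            hit("Suspicious use of SetThreadContext")  # context rewrite of a hollowed child
    return hits


if __name__ == "__main__":
    for name in scan(SAMPLE_TRACE):
        print(name)
```

Running the script prints the nine signature names in trace order. The "Formbook payload" signature is a memory-scan match and is not reproducible from an API trace, so it is left out; applying the scanner to a real report means writing a loader from the sandbox's export format to the dict shape used here.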
