General

  • Target

    PO43P00416.xls

  • Size

    1.5MB

  • Sample

    231022-jrjpqagb24

  • MD5

    71368866925c23e35d340705fae95002

  • SHA1

    8b2e76a61f33f053eb4fc2f2bc3600917e7d1d09

  • SHA256

    1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c

  • SHA512

    6bddbc8a6824bf2d7137042b762da78d8c02e6756f488003a8d142cc7b111720710f4f31034e8d9c1dca33847ac822a9ed81d2e97f647d0708ddb5db271461f6

  • SSDEEP

    24576:cWQmmav30xrmZy3w6VA3bVNRFZyVw6VC3bVG4nvsLtbtecTQ5WWkK3q/0wkex:xQmmQ309wP6VA3bVDN6VC3bV25tBTTKg

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sy22

  • Decoy

    vinteligencia.com
    displayfridges.fun
    completetip.com
    giallozafferrano.com
    jizihao1.com
    mysticheightstrail.com
    fourseasonslb.com
    kjnala.shop
    mosiacwall.com
    vandistreet.com
    gracefullytouchedartistry.com
    hbiwhwr.shop
    mfmz.net
    hrmbrillianz.com
    funwarsztat.com
    polewithcandy.com
    ourrajasthan.com
    wilhouettteamerica.com
    johnnystintshop.com
    asgnelwin.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks