General

  • Target

    1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.zip

  • Size

    1.1MB

  • Sample

    231022-vlnbhadc47

  • MD5

    9e64631fc71c42267258c700681277aa

  • SHA1

    0cb9b7ee85463648a1f4897cd9fd867b98e59aa1

  • SHA256

    fa32dcb24289e2052435ccbf29f391219d949de88dd5cc9c2c7685050b0eec34

  • SHA512

    03e53858e95267a619074589ca19c228c4a6103670977bb4d3c5ea3ac25dc79dd3fce978fd8de04b4f08be867cc67ae1cdb040ed0bc1c4ecaf00277d54960601

  • SSDEEP

    24576:kttD8+Vwtt6N2ZiXhg26vArB/bwg9L/YFTex+xOm+25zIC:kt1Bx+iXfr+glIWHmr5zIC

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sy22

  • Decoy

Targets

    • Target

      1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.xls

    • Size

      1.5MB

    • MD5

      71368866925c23e35d340705fae95002

    • SHA1

      8b2e76a61f33f053eb4fc2f2bc3600917e7d1d09

    • SHA256

      1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c

    • SHA512

      6bddbc8a6824bf2d7137042b762da78d8c02e6756f488003a8d142cc7b111720710f4f31034e8d9c1dca33847ac822a9ed81d2e97f647d0708ddb5db271461f6

    • SSDEEP

      24576:cWQmmav30xrmZy3w6VA3bVNRFZyVw6VC3bVG4nvsLtbtecTQ5WWkK3q/0wkex:xQmmQ309wP6VA3bVDN6VC3bV25tBTTKg

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks