General

  • Target

    PO-AM2307586.doc

  • Size

    982KB

  • Sample

    231022-wkp95sbf3y

  • MD5

    58bbfc3f4971c44d3efb60e97299a5a5

  • SHA1

    a487e3cbcc857afa70a3549c7820a4c75acb5c92

  • SHA256

    ad4a9f03995ef8fa50027c10e69e9e8a814f21e89f1019f482ba8b859e079c68

  • SHA512

    232558acd8cfc82304cedfedea8c55d73238e5d2f26fe84a45a203329b237670b344e73f89a3d74fee80ba4fe7da7dfd7f3e6597fb5449c23f99eb31d413c1ef

  • SSDEEP

    24576:DbA0kMPWGK1nu6J2j7Sjxyei09Z/HhUGy16YzXoa+OyE+Dj1W6m+sykIsPAqnpus:p

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ge06

  • Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15