General

  • Target

    Suntech Inquiry P43030.xls

  • Size

    1.1MB

  • Sample

    231024-gh1krscg67

  • MD5

    273306f64301b07d0090c49208a90653

  • SHA1

    8b7216a4287be07e0f0a431f7c20741b761a88a6

  • SHA256

    80eddab7aab8837892162226e2d3a08c610100a55ae7bbaaa24106c30d9e9b83

  • SHA512

    142dd41145450d938a0d0e9b583d52779b419feec63c42b4a3c0f1e4d57ee5ce80982e1382f3a270a60ca57e26caab70c4c2a1d758d4d7d953092fa20fe8aef8

  • SSDEEP

    24576:XBweZyww6/N5OpZyLw6/nV8YhYiJHHNQMTwhsDQyXAsvCsdjXUee:Te6/Wd6/VYAHHNrTHdQsaEXV

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs10

Decoy

starryallure.com

mania-31.online

baba-bt-top1.buzz

jwilkinsartscapeinc.com

tallerhazop.com

lulu013.com

pontoimediato.com

stmc-company.com

thesoftwarepractitioner.com

makemoneywithsherrie.com

algaroba.com

smartbookmarks.info

burneysaw.com

fftsxxx.top

hvr998.com

sofisticars.store

clickit.fun

couches-sofas-16683.bond

ikkasolutions.com

oakvisa.com
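Formbook 4.x configs carry a domain list like the one above in which the live C2 is hidden among decoys, and an infected host works through several of those names in turn. The list therefore doubles as a hunting artifact: one lookup of a listed domain may be ordinary browsing (many decoys are legitimate sites), but one host resolving several of them in a short window is the Formbook pattern. The following Python is an added example, not part of the sandbox report: it loads the report's decoy list, matches DNS query names against it (including subdomains), and ranks hosts by how many distinct listed domains they touched. The log lines and the simple "timestamp host qname" layout are constructed for the example, and the threshold of two distinct domains is an assumption to tune against your own traffic.

```python
"""Match DNS query logs against the Formbook decoy/C2 domain list.

Added example; not code from the sandbox report. The domain set is copied
from the report's "Decoy" section. The log format ("<timestamp> <host>
<query name>" per line) and the sample lines are constructed for this
example; the alert threshold is an assumption to tune per environment.
"""
from collections import defaultdict

# Decoy/C2 domains as listed in the report's extracted config.
DECOY_DOMAINS = {
    "starryallure.com", "mania-31.online", "baba-bt-top1.buzz",
    "jwilkinsartscapeinc.com", "tallerhazop.com", "lulu013.com",
    "pontoimediato.com", "stmc-company.com", "thesoftwarepractitioner.com",
    "makemoneywithsherrie.com", "algaroba.com", "smartbookmarks.info",
    "burneysaw.com", "fftsxxx.top", "hvr998.com", "sofisticars.store",
    "clickit.fun", "couches-sofas-16683.bond", "ikkasolutions.com",
    "oakvisa.com",
}

# Constructed DNS log: ws-17 shows the Formbook pattern (several listed
# domains in a minute); ws-22 touched one listed domain only once.
SAMPLE_DNS_LOG = """\
# timestamp              host   query
2023-10-24T10:01:02Z ws-17 www.oakvisa.com
2023-10-24T10:01:03Z ws-17 starryallure.com
2023-10-24T10:01:04Z ws-17 www.google.com
2023-10-24T10:01:05Z ws-17 mail.mania-31.online
2023-10-24T10:02:00Z ws-22 thesoftwarepractitioner.com
2023-10-24T10:03:00Z ws-22 example.org
"""


def domain_matches(qname, iocs):
    """Return the listed domain that qname equals or is a subdomain of.

    Walks the label suffixes of qname (www.oakvisa.com -> oakvisa.com ->
    com) so "oakvisa.com.evil.tld" does NOT match, but "www.oakvisa.com"
    does. Returns None when nothing matches.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(text, iocs=DECOY_DOMAINS):
    """Map each host to the (timestamp, qname, matched_domain) hits it produced."""
    hits = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        timestamp, host, qname = line.split()[:3]
        matched = domain_matches(qname, iocs)
        if matched:
            hits[host].append((timestamp, qname, matched))
    return dict(hits)


def distinct_domains_per_host(hits):
    """Count how many different listed domains each host resolved."""
    return {host: len({m for _, _, m in entries}) for host, entries in hits.items()}


def suspicious_hosts(hits, threshold=2):
    """Hosts that touched at least `threshold` distinct listed domains.

    The threshold is an assumption: a single decoy lookup can be benign
    browsing, while cycling through several of them is the beaconing
    pattern this config produces.
    """
    counts = distinct_domains_per_host(hits)
    return sorted(h for h, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for host, entries in found.items():
        for ts, qname, matched in entries:
            print(f"{ts} {host} {qname} -> matches {matched}")
    print("hosts meeting threshold:", suspicious_hosts(found))
```

Blocking or sinkholing the whole list is still the right containment step, since the live C2 is not distinguishable from the decoys in the static config; the ranking above is for triage order, not for deciding which names are safe.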

Targets

    • Target

      Suntech Inquiry P43030.xls

    • Size

      1.1MB

    • MD5

      273306f64301b07d0090c49208a90653

    • SHA1

      8b7216a4287be07e0f0a431f7c20741b761a88a6

    • SHA256

      80eddab7aab8837892162226e2d3a08c610100a55ae7bbaaa24106c30d9e9b83

    • SHA512

      142dd41145450d938a0d0e9b583d52779b419feec63c42b4a3c0f1e4d57ee5ce80982e1382f3a270a60ca57e26caab70c4c2a1d758d4d7d953092fa20fe8aef8

    • SSDEEP

      24576:XBweZyww6/N5OpZyLw6/nV8YhYiJHHNQMTwhsDQyXAsvCsdjXUee:Te6/Wd6/VYAHHNrTHdQsaEXV

    • Formbook

      Formbook is an information-stealing malware family that harvests saved browser and application credentials, logs keystrokes, grabs submitted web form data, and takes screenshots, then exfiltrates the results to its C2; the decoy domain list in its config hides the real C2 among benign-looking names.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks