General

  • Target: REF_03351.doc
  • Size: 107KB
  • Sample: 231024-ghe9tsah9x
  • MD5: a88cdb8b15c191da58017f1cecb2bb6c
  • SHA1: ee981d84fdc3c48aa36895f9678f3436f6a36187
  • SHA256: 164f2714126814149fbed4dc3ae5b82fdf8ba50ff6e01011b110103147bd3b38
  • SHA512: 282f86b377dfda48b7adc2c7d2e06a525e72c2dc419915766e9e15105ac66529ea081f16f5881f240f3ed9b39d1d51f32df05abae3b8fe2604c569666eeb634b
  • SSDEEP: 768:lwAbZSibMX9gRWjmBbnuTgoOC92TkvjDQDUuXngQmjsB5FAj:lwAlRPlyzZ2TkvjDQIuw2B5i

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: o5pf
Decoy:
  readyupgraphics.com
  linkduren77.xyz
  aeronoms.com
  dingyaping.com
  813tv.net
  emerge-marketing.com
  janvori.online
  sublimardr.com
  jaggerglass.autos
  mp3juices.work
  alexandrasfinejewelery.com
  tepatoken.com
  snugglewash.com
  hmoney.net
  whatpowerplug.com
  baassource.online
  piscogastrolounge.com
  shower-installation-15244.bond
  zxhzgroup.com
  vcxz800.website

Targets

    • Target: REF_03351.doc

    • Formbook
      Formbook is an information-stealing malware family.
    • Formbook payload
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks