Resubmissions

26/01/2024, 09:27

240126-le78nabhgp 10

26/01/2024, 03:56

240126-ehp3xseggj 10

26/01/2024, 03:37

240126-d6nz4addf3 10

26/01/2024, 03:32

240126-d3t2yadce7 10

24/01/2024, 22:33

240124-2ggfqaafej 10

General

  • Target

    79ac3fe2128c0112a909595d7fba42fbe1b98511527c39fc43b0041e53165292.zip

  • Size

    513KB

  • Sample

    240126-ehp3xseggj

  • MD5

    92f55ee4994108c11c2bb2ea8748c91e

  • SHA1

    f9e2f9a0430dc5184575df690c99de901b9cf363

  • SHA256

    39c1271011e9b409f1de1e828038caf1fd9b655fd77bf98ba2335c1e46109b3a

  • SHA512

    d70c52cd1dd38ffb3e5135a96193f1c46f41825cc72fea7c012e51cc6f453686cf77d5259160ec22e1f22cd38b2c28a5011ce5db707012b832753e0592b34ef0

  • SSDEEP

    12288:a4lUBIg2TUpWWrLIRjjK6D/deQRo1soX3xy234aMUTn:7uIg2OqzDsQRo102obUT

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de74

Decoy

etincelampe.com

woogleconsulting.com

babali-jhr.com

morgankeyword.top

alanwake11.website

apkreal.net

wbcdjxrz.shop

ecocuidado.com

lotre.lol

djgeecee.com

actioncarmadirection.com

antoniolivt.net

dlfmetaverse.com

feconvietnam.com

qqth.site

humanowl.com

ework.store

8xb829.com

gkvcxx3.sbs

nenmeijinzhi.buzz

Targets

    • Target

      79ac3fe2128c0112a909595d7fba42fbe1b98511527c39fc43b0041e53165292.xls

    • Size

      543KB

    • MD5

      0016f351a1b6d698ccfcb74757a28cca

    • SHA1

      4037ce0f3c5fc2dd1d7380b93e7ad3b8645c4d20

    • SHA256

      79ac3fe2128c0112a909595d7fba42fbe1b98511527c39fc43b0041e53165292

    • SHA512

      71293e548b417ce6e6269828b43eab055635e6412bb18ce764e6cd664426ad60a297e6fdd1eb7ae0848480d5c2621ce440201d76b01f79266520e7ae936c9ed8

    • SSDEEP

      12288:nasqZWQmmme6v3QLQuEhQpozwjTqCfgpYsAQ3FvjfSmaj/w:yWQmmav30xiWWCfg7RW

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks