General

  • Target

    PO-SKT113693 - I6507004R - 21721.doc

  • Size

    291KB

  • Sample

    240430-rrk7jsgh8t

  • MD5

    2892fcf31050aab9033a4a4b2f7f590a

  • SHA1

    885a67f13a76e7144a246c2aba893d2538506c14

  • SHA256

    7ec7d1e342530c0caa19bb7171537bb493e7bd23e1808c4b85baf31dc6968941

  • SHA512

    1835756d9fa1871d972217227a949282ee810356c58a293b2621190f0134b1f48d08f9c5de398d27e3baf1a0ce8f62bad6d15d5b6f8db5a00b0bf733401fa92d

  • SSDEEP

    6144:jwAYwAYwAYwAYwAYwAYwAYwAYwAYwAqp1Ok/5GjM:f

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster

Targets

    • Target

      PO-SKT113693 - I6507004R - 21721.doc

    • Size

      291KB

    • MD5

      2892fcf31050aab9033a4a4b2f7f590a

    • SHA1

      885a67f13a76e7144a246c2aba893d2538506c14

    • SHA256

      7ec7d1e342530c0caa19bb7171537bb493e7bd23e1808c4b85baf31dc6968941

    • SHA512

      1835756d9fa1871d972217227a949282ee810356c58a293b2621190f0134b1f48d08f9c5de398d27e3baf1a0ce8f62bad6d15d5b6f8db5a00b0bf733401fa92d

    • SSDEEP

      6144:jwAYwAYwAYwAYwAYwAYwAYwAYwAYwAqp1Ok/5GjM:f

    • Formbook

Formbook is an information-stealing malware family: it harvests saved credentials and submitted form data from browsers and mail clients, logs keystrokes and clipboard contents, and can fetch and run additional payloads on command. It beacons to a list of decoy domains alongside its real C2 to make the true server harder to pick out.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks