General

  • Target

    1aa76ce00f01882d5cd3d712b8052bc2.rtf

  • Size

    81KB

  • Sample

    240509-fry8mafb48

  • MD5

    1aa76ce00f01882d5cd3d712b8052bc2

  • SHA1

    b0cb1b9a8ada2812a013469ff5cf736b0f8da933

  • SHA256

    9ae7ad0d29ba6a855eec28c8dca1b7b43063677139463dc54640d4232489d029

  • SHA512

    ac7d9b0319aeab38a8bdea8c6094a4a73266d83ea4ee4974619bdc641197e58f1402089a9ab67a679df9920884214cfd5b69a4dcc9d8c3aa0d62165a67dcbdcb

  • SSDEEP

    1536:77VscWY5jbOYcra/iDM+nRXsSH2lDG5ODlQfg4NaQ7rXwkpez4p7sRc1HudD:qxY5jyTra/iDM+nZsSHxODEgyt7jwkpi

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ht3d

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks