General

  • Target

    nell.doc

  • Size

    513KB

  • Sample

    240717-ld4h3sxepe

  • MD5

    fb3027e4c7adc0370181f6f73c6dff33

  • SHA1

    9ded925615bd1ef1c5dd88febdd10b1bb29b83df

  • SHA256

    da7597eed278b6ebb330685e1caea6c1bc6ad9b2abff9afa05633f4cb5f7a123

  • SHA512

    70325e60251e76ef02a505d77fd2f01fbe1a67796dd2187a24533200dbdf80d4b5e352b0dc87a7c714f78edc776bac10f8625d66126e261bf69cf5eb0d8bdad4

  • SSDEEP

    6144:W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W626:ZP
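Before doing any analysis on a local copy of nell.doc, confirm it is the same file this report describes. The script below is an added example, not part of the sandbox report: it hashes a file in chunks with the four digests listed above and reports every mismatch rather than stopping at the first. The SSDEEP value is left out because computing it needs the external ssdeep library; the file path is a placeholder argument.

```python
"""Check a local sample against the MD5/SHA1/SHA256/SHA512 values in the report."""
import hashlib
import sys

# Digests copied from the report above.
REPORTED_HASHES = {
    "md5": "fb3027e4c7adc0370181f6f73c6dff33",
    "sha1": "9ded925615bd1ef1c5dd88febdd10b1bb29b83df",
    "sha256": "da7597eed278b6ebb330685e1caea6c1bc6ad9b2abff9afa05633f4cb5f7a123",
    "sha512": (
        "70325e60251e76ef02a505d77fd2f01fbe1a67796dd2187a24533200dbdf80d4"
        "b5e352b0dc87a7c714f78edc776bac10f8625d66126e261bf69cf5eb0d8bdad4"
    ),
}

ALGORITHMS = tuple(REPORTED_HASHES)


def compute_hashes(data: bytes, algorithms=ALGORITHMS) -> dict:
    """Hex digests of an in-memory blob, one entry per algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_file(path: str, algorithms=ALGORITHMS, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, read in chunks so large samples are never loaded whole."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict) -> list:
    """Return (algorithm, observed, expected) for every digest that differs.

    Comparison is case-insensitive; an algorithm missing from `observed` counts
    as a mismatch so a truncated hash set cannot pass silently.
    """
    mismatches = []
    for name, want in expected.items():
        got = observed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches.append((name, got, want))
    return mismatches


def verify_sample(path: str, expected: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest matches the file at `path`."""
    return not compare_hashes(hash_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/nell.doc   (path is a placeholder)
    sample = sys.argv[1] if len(sys.argv) > 1 else "nell.doc"
    problems = compare_hashes(hash_file(sample), REPORTED_HASHES)
    for name, got, want in problems:
        print(f"{name}: got {got}, report says {want}")
    if problems:
        sys.exit(1)
    print("all digests match the report")
```

A partial match (say MD5 agrees but SHA256 does not) is worth noticing rather than ignoring: it usually means a different copy of the hash set was pasted into a tracker, not a collision, so the script lists each algorithm separately.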

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster
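How to put the domain list to work: the script below is an added example, not part of the sandbox report. It sweeps DNS query logs for lookups of any domain in the extracted config, matching on label boundaries so that a subdomain of a listed domain hits while a look-alike such as notsugar.monster does not, and then groups hits per client. Formbook configs hide one live C2 among decoys and the implant cycles through several of them, so one host resolving many of these domains in a short window is the stronger signal; a lone lookup of a single domain deserves triage rather than being treated as confirmed C2 on its own. The log lines and their format (timestamp, client, query name, query type) are constructed for the example.

```python
"""Sweep DNS query logs for the domains extracted from this Formbook config."""
import re
from collections import defaultdict

# Domain list from the "Decoy" field above. One of these is the live C2; the
# others are decoys the implant also contacts, so all of them are indicators.
FORMBOOK_DOMAINS = frozenset({
    "everslane.com", "prairieviewelectric.online", "dszvhgd.com", "papamuch.com",
    "8129k.vip", "jeffreestar.gold", "bestguestrentals.com", "nvzhuang1.net",
    "anangtoto.com", "yxfgor.top", "practicalpoppers.com",
    "thebestanglephotography.online", "koormm.top", "criika.net",
    "audioflow.online", "380747.net", "jiuguanwang.net", "bloxequities.com",
    "v321c.com", "sugar.monster",
})

# Constructed sample log, not from the report: "<timestamp> <client> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2024-07-17T12:00:01Z 10.0.0.5 www.everslane.com A
2024-07-17T12:00:02Z 10.0.0.5 papamuch.com A
2024-07-17T12:00:02Z 10.0.0.7 example.org A
2024-07-17T12:00:03Z 10.0.0.5 mail.8129k.vip. A
2024-07-17T12:00:04Z 10.0.0.9 notsugar.monster A
2024-07-17T12:00:05Z 10.0.0.5 JEFFREESTAR.GOLD AAAA
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)")


def matching_domain(qname: str):
    """Return the listed domain that `qname` equals or is a subdomain of, else None.

    Walks up the label tree, so 'mail.8129k.vip.' matches '8129k.vip' while
    'notsugar.monster' does not match 'sugar.monster' (a plain suffix test would).
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in FORMBOOK_DOMAINS:
            return candidate
    return None


def scan_dns_log(text: str) -> list:
    """Parse log lines and return one dict per query that hits the domain list."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # blank or malformed line
        matched = matching_domain(m["qname"])
        if matched:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "matched": matched})
    return hits


def hits_per_client(hits: list) -> dict:
    """Map client -> set of distinct listed domains it resolved."""
    per_client = defaultdict(set)
    for h in hits:
        per_client[h["client"]].add(h["matched"])
    return dict(per_client)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f"{h['ts']} {h['client']} {h['qname']} -> {h['matched']}")
    for client, domains in hits_per_client(found).items():
        print(f"{client}: {len(domains)} distinct config domains resolved")
```

On the constructed log, 10.0.0.5 resolves four distinct config domains within five seconds, which is the pattern to escalate; 10.0.0.9's lookup of notsugar.monster is correctly ignored.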

Targets

    • Target

      nell.doc


    • Formbook

      Formbook is an information stealer offered as malware-as-a-service. It grabs form data and saved credentials from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots, and can download and execute further payloads on command. The version 4.1 config extracted above holds a list of domains of which only one is the live C2; the rest are decoys the implant also contacts, and the sandbox reports the whole list under "Decoy".

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks