formbook | 15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc | Triage

Sharing

General

Target

b115f24fcecce5e8661300527a748448.rtf
Size

9KB
Sample

201120-tfcp5pwja6
MD5

b115f24fcecce5e8661300527a748448
SHA1

9673703628a2edf4fea0b3a764357f82b4c9ce9f
SHA256

15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc
SHA512

981c6e16ef59a337a1375367a048e63c877550137e01b7854356355c1f876c3118d606adeb33b0a047645b7eeb3806ed0a72aed5a36d7b7be4699ce23c5818ed

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.digitalcashteam.com/glt/

Decoy

blingenterprises.net

opalthemovie.com

auctionpros.club

simplyfluffy.com

nanbuild.net

1extrafast.com

active-connector.xyz

ocewnbank.com

zekmer.com

6755e.com

ryry-s1.com

pastrami.house

shivamall.com

activateportusaludybelleza.com

homeprosrva.com

tessuto.net

christopherspecht.com

ti-an-dossen.com

universe.icu

healthmixtt.com

Targets

- Target
  
  b115f24fcecce5e8661300527a748448.rtf
- Size
  
  9KB
- MD5
  
  b115f24fcecce5e8661300527a748448
- SHA1
  
  9673703628a2edf4fea0b3a764357f82b4c9ce9f
- SHA256
  
  15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc
- SHA512
  
  981c6e16ef59a337a1375367a048e63c877550137e01b7854356355c1f876c3118d606adeb33b0a047645b7eeb3806ed0a72aed5a36d7b7be4699ce23c5818ed
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2