formbook | 970aa1ea39079684830789ad8c5c9cbf9777b65fdb44130aa8bbe4b88245e6fc | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...09.rtf

windows7_x64

SecuriteIn...09.rtf

windows10_x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.11009
Size

1.8MB
Sample

210111-aznttj1xl2
MD5

f4230f83573dbf097b3219588cd656f2
SHA1

276874cf73eea9c561525b4f45e23acb84a59e33
SHA256

970aa1ea39079684830789ad8c5c9cbf9777b65fdb44130aa8bbe4b88245e6fc
SHA512

2933e892851cfdec1c3a12880b29e5426259857a657471ee2410bb5bda1ec2ed11223a03a1b7924e85dcab8d3975c50b8caed271962abe583cd52ae227dee7e2

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.11009.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.11009.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.familyof2.com/p3c/

Decoy

scsykt.com

333999dy.com

soaringhood.net

thejaxstar.com

sakura-wedding.com

ussalesmarketing.com

mathworksheetsforkids.net

bestchinesefoods.com

theparkchi.com

cb6333.com

xldd0817nt15vkr6.xyz

joyousheartphotography.com

kittylol.com

caufooding.com

pippamalmgren.life

saveitall.today

connect-clarity.info

smartestgift.com

nilshana.com

arkpropertysolutions.com

iircad.com

theidahojosh.com

theperfect-date.com

roboeditor.com

battlebornbourbon.net

supermarioplumbing.net

ingrid4u.com

kirkwoodexecutive.com

centroufologicosiciliano.info

opostoriesfromthenba.com

issuingsolution.com

coronakite.com

money-beast.com

adboozl.com

ideasdelvino.com

betwho.site

wanshanglian.com

nehyam.com

mohdaziz.com

niagateknik.com

archivosr.com

appositedocument.club

cleanviser.com

the1099guy.com

beautyprorecommends.com

shireprojectservices.com

crony-resolute.info

lnlenqin.com

task-center.com

wherecanidropoffmyballot.net

goroito-glashaus.com

collegiate-services.com

putrajayamall.com

dodiblunts.com

amusingsbyamber.com

lifelongcart.com

nuestravida.site

braidwood-uk.com

sirg-consulting.com

farleymullen.com

cchidwick.xyz

nutritionaldonuts.com

dbf.network

comercializadorasepter.net

Targets

- Target
  
  SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.11009
- Size
  
  1.8MB
- MD5
  
  f4230f83573dbf097b3219588cd656f2
- SHA1
  
  276874cf73eea9c561525b4f45e23acb84a59e33
- SHA256
  
  970aa1ea39079684830789ad8c5c9cbf9777b65fdb44130aa8bbe4b88245e6fc
- SHA512
  
  2933e892851cfdec1c3a12880b29e5426259857a657471ee2410bb5bda1ec2ed11223a03a1b7924e85dcab8d3975c50b8caed271962abe583cd52ae227dee7e2
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy