formbook

General

Target

SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.5396.813
Size

1.8MB
Sample

210111-ldy9ygv7sx
MD5

fdeb0e464d28dffb8a6af124394c3603
SHA1

5870451a561fc8756e967489a72a8425f37c75ef
SHA256

e5506151004fb2bc61a295691922fb4501b5fcd02447ab2ba85fd75cd5f2e90f
SHA512

a493a808b7a329e8845f82a2492f95f7da828d18cef8c83865a91a021eec7722726168a4d8f8a7c9edb5e58ba57231164c8c17633818da91019fcf0c1b8f153d

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.lisetteperez.media/th9/

Decoy

rnbgreenstreet.com

martinsburgusedcars.com

wellstamas.com

makingmeaningwithdoug.com

daqiangtouzi.com

balansfx38.com

sumershoping.com

snatcher-za.com

sanacora.world

smartlifeinternational.com

timelessthinkers.com

lineage521.com

lqesnr.com

takedaitos.com

bestcombodeals.com

dyczwkg68.com

tejaratbadrmaham.com

blockonechicago.com

buylittledreamers.com

abdulsalamyafi.com

Targets

- Target
  
  SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.5396.813
- Size
  
  1.8MB
- MD5
  
  fdeb0e464d28dffb8a6af124394c3603
- SHA1
  
  5870451a561fc8756e967489a72a8425f37c75ef
- SHA256
  
  e5506151004fb2bc61a295691922fb4501b5fcd02447ab2ba85fd75cd5f2e90f
- SHA512
  
  a493a808b7a329e8845f82a2492f95f7da828d18cef8c83865a91a021eec7722726168a4d8f8a7c9edb5e58ba57231164c8c17633818da91019fcf0c1b8f153d
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Formbook Payload

Blocklisted process makes network request

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2