formbook | 4bf43d358ffe48a24655d1667c8dbcf9ad5f0d41c835dbd80e3e348198db081a | Triage

Sharing

General

Target

Payment Advice.xlsx
Size

2.4MB
Sample

210112-6ql9yyp972
MD5

90e24d9354f74d28a4b5edd8238e8fdb
SHA1

473f33184394bb97dc6625e4b7c7a35c01bd5ceb
SHA256

4bf43d358ffe48a24655d1667c8dbcf9ad5f0d41c835dbd80e3e348198db081a
SHA512

79ff76634239186e56560c9387eb874eeeda6788bffbd2e3314b69d96d998c10939a0cbe27ea18003bbe38326cf396207080437c3fe27b7b3fa5878810a13287

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.zglvyouzaixian.com/nki/

Decoy

igo-digiworld.com

infrahiit.com

herhealingwater.com

inspiredbytradition.com

onlinepropertyworld.com

rvwdj.com

mudahbikinsuhi.online

multipleofferonline.com

striveyouthministry.com

affectiveneuro.net

f21m.com

perfumefashion.icu

instantcash4rvs.com

help-verifiedbadge.com

solomonislandsblog.com

vipshoppingwizard.com

doggybargains.com

fjyaoxi.net

luxpropertyandassociates.com

companyfinders.com

Targets

- Target
  
  Payment Advice.xlsx
- Size
  
  2.4MB
- MD5
  
  90e24d9354f74d28a4b5edd8238e8fdb
- SHA1
  
  473f33184394bb97dc6625e4b7c7a35c01bd5ceb
- SHA256
  
  4bf43d358ffe48a24655d1667c8dbcf9ad5f0d41c835dbd80e3e348198db081a
- SHA512
  
  79ff76634239186e56560c9387eb874eeeda6788bffbd2e3314b69d96d998c10939a0cbe27ea18003bbe38326cf396207080437c3fe27b7b3fa5878810a13287
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2