formbook | aab172b9c20aebdf70dbced4a259c4318a13216a803e7e816e841fbd5f7d7e88 | Triage

Sharing

General

Target

Draft shipping docs.xlsx
Size

1.9MB
Sample

210112-vt8bcvx392
MD5

e3cbb9f2fa65eb74780f05bd16ef3832
SHA1

2d80176ed96b118c698bd2a848198b999c33e1e5
SHA256

aab172b9c20aebdf70dbced4a259c4318a13216a803e7e816e841fbd5f7d7e88
SHA512

66d67b4618876fd95893443aa1ce6facba20ccbabe8a213b58e51fc0c1568197931d6436c5e2a570227429b689d4372f3a98cb29cfeeed319a2fd616842d75eb

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.aftabzahur.com/wgn/

Decoy

kokokara-life-blog.com

faswear.com

futureleadershiptoday.com

date4done.xyz

thecouponinn.com

bbeycarpetsf.com

propolisnasalspray.com

jinjudiamond.com

goodevectors.com

nehyam.com

evalinkapuppets.com

what-if-statistics.com

rateofrisk.com

impacttestonlinne.com

servis-kaydet.info

coloniacafe.com

marcemarketing.com

aarigging.com

goddesswitchery.com

jasqblo.icu

Targets

- Target
  
  Draft shipping docs.xlsx
- Size
  
  1.9MB
- MD5
  
  e3cbb9f2fa65eb74780f05bd16ef3832
- SHA1
  
  2d80176ed96b118c698bd2a848198b999c33e1e5
- SHA256
  
  aab172b9c20aebdf70dbced4a259c4318a13216a803e7e816e841fbd5f7d7e88
- SHA512
  
  66d67b4618876fd95893443aa1ce6facba20ccbabe8a213b58e51fc0c1568197931d6436c5e2a570227429b689d4372f3a98cb29cfeeed319a2fd616842d75eb
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2