formbook | 69f600cd0a147b4209768992bf6c707d7ff197a6952e373cca08a9cc8bff1fd6 | Triage

Sharing

General

Target

inquiry10204168.xlsx
Size

1.2MB
Sample

210113-58728xgm2x
MD5

07f99c2135effb00a334fdd978259cb3
SHA1

32bbe469f0222276b5d0a6947ba6f137221e8617
SHA256

69f600cd0a147b4209768992bf6c707d7ff197a6952e373cca08a9cc8bff1fd6
SHA512

77aabef86541d9be0e87094badf37b8f4e0342a8cfd39d7f3f865d81e0a97a8563b8c36dca18c6c0b619c36c93484ea673a0cf5153013e86bd906a74889ef918

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.theatomicshots.com/xle/

Decoy

tknbr.com

loyaloneconstruction.com

what-where.com

matebacapital.com

marriedandmore.com

qiemfsolutions.com

graececonsulting.com

www7456.com

littlefreecherokeelibrary.com

tailgatepawkinglot.com

musheet.com

tesfamariamtb.com

1728025.com

xceltechuae.com

harperandchloe.com

thepamperedbarber.com

5050alberta.com

supplychainstrainer.com

lacorte.group

ringingbear.com

Targets

- Target
  
  inquiry10204168.xlsx
- Size
  
  1.2MB
- MD5
  
  07f99c2135effb00a334fdd978259cb3
- SHA1
  
  32bbe469f0222276b5d0a6947ba6f137221e8617
- SHA256
  
  69f600cd0a147b4209768992bf6c707d7ff197a6952e373cca08a9cc8bff1fd6
- SHA512
  
  77aabef86541d9be0e87094badf37b8f4e0342a8cfd39d7f3f865d81e0a97a8563b8c36dca18c6c0b619c36c93484ea673a0cf5153013e86bd906a74889ef918
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2