formbook | 818220205205240d3372acfecafd1a44859b249fced60a9a5511318306ff1aa4 | Triage

Sharing

General

Target

RFQ.xlsx
Size

1.2MB
Sample

210113-dyl4xbq7mx
MD5

6d15e3fa6531d655568411b2f2386f57
SHA1

d0d75807dac5812ff5a8f750a27a30c0bb4a1988
SHA256

818220205205240d3372acfecafd1a44859b249fced60a9a5511318306ff1aa4
SHA512

e7c4ff1ae95696a32b612058f1a78e7294cb36138b38ce5352a2c3cf9c09d9f5463fe2d87483a1bff8d83610ab65605fa16370a65f30dc14f286a07835daca3a

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.bytecommunication.com/aky/

Decoy

jeiksaoeklea.com

sagame-auto.net

soloseriolavoro.com

thecreatorsbook.com

superskritch.com

oroxequipment.com

heart-of-art.online

liwedfg.com

fisherofsouls.com

jota.xyz

nehyam.com

smart-contact-delivery.com

hoom.guru

dgryds.com

thesoakcpd.com

mishv.com

rings-factory.info

bero-craft-beers.com

podcastnamegenerators.com

856379813.xyz

Targets

- Target
  
  RFQ.xlsx
- Size
  
  1.2MB
- MD5
  
  6d15e3fa6531d655568411b2f2386f57
- SHA1
  
  d0d75807dac5812ff5a8f750a27a30c0bb4a1988
- SHA256
  
  818220205205240d3372acfecafd1a44859b249fced60a9a5511318306ff1aa4
- SHA512
  
  e7c4ff1ae95696a32b612058f1a78e7294cb36138b38ce5352a2c3cf9c09d9f5463fe2d87483a1bff8d83610ab65605fa16370a65f30dc14f286a07835daca3a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2