formbook | 2e4c648b422366723d7095a3bcbe66b547c3bc61f1448bb10793cb8ea73a6390 | Triage

Sharing

General

Target

payment advice.xlsx
Size

1.2MB
Sample

210113-knb6s4dkd6
MD5

ad817786e05c5177fbe3295d94a783b5
SHA1

2f6fd26a661aecb7ff82dee366fe4a089a19dd6b
SHA256

2e4c648b422366723d7095a3bcbe66b547c3bc61f1448bb10793cb8ea73a6390
SHA512

ed8a25bd90f675b64e6f50f6e3e5e5f5daab878f34826a23748f2cf7b1a2f77307db716243a25420d159d31c553f4de82476151cc64dc85c611270d0e17b6135

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.aftabzahur.com/wgn/

Decoy

kokokara-life-blog.com

faswear.com

futureleadershiptoday.com

date4done.xyz

thecouponinn.com

bbeycarpetsf.com

propolisnasalspray.com

jinjudiamond.com

goodevectors.com

nehyam.com

evalinkapuppets.com

what-if-statistics.com

rateofrisk.com

impacttestonlinne.com

servis-kaydet.info

coloniacafe.com

marcemarketing.com

aarigging.com

goddesswitchery.com

jasqblo.icu

Targets

- Target
  
  payment advice.xlsx
- Size
  
  1.2MB
- MD5
  
  ad817786e05c5177fbe3295d94a783b5
- SHA1
  
  2f6fd26a661aecb7ff82dee366fe4a089a19dd6b
- SHA256
  
  2e4c648b422366723d7095a3bcbe66b547c3bc61f1448bb10793cb8ea73a6390
- SHA512
  
  ed8a25bd90f675b64e6f50f6e3e5e5f5daab878f34826a23748f2cf7b1a2f77307db716243a25420d159d31c553f4de82476151cc64dc85c611270d0e17b6135
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2