formbook | fe0ebbec69296e6fa9073104bb2f1448bdeeeb040511af7b3bad04fa529da38c | Triage

Submit
Reports

Overview

overview

Static

static

RFQ-450987643.doc.rtf

windows7_x64

RFQ-450987643.doc.rtf

windows10_x64

1

Sharing

General

Target

RFQ-450987643.doc
Size

1.5MB
Sample

210118-b9tsne8acn
MD5

d1e131610fac2e4923e4b41c143930c0
SHA1

b697187ded059e330e334e8959b500b2720b7498
SHA256

fe0ebbec69296e6fa9073104bb2f1448bdeeeb040511af7b3bad04fa529da38c
SHA512

b013702eb35285c77b950023b86e8f1a30648a7fbc7e3a89edb9bd3df17506cd33ba4f92f35998db637e7fc1a9b5d72a756957a21a825c202cc48e16ed0d4852

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ-450987643.doc.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ-450987643.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.priscilafiorini.com/rcm/

Decoy

stunninggfe-ready.today

mlmtalks.com

mountainpeakcafe.com

vlmportraits.com

broskiusa.com

yunquenet.com

webinargifts.com

theatomicclean.com

baselinefibertothehome.net

newworldnails.net

plbmw.com

natsringswerp.com

h2o4all.life

alcoholxpress.com

heliumantennaguide.com

amazon-account-app-service.com

gandhiinfotech.com

abacapitals.com

daoxfi.com

radiocota.com

kuroneko-goethe.life

id.coffee

florhodge.com

eca-group.net

vflat.world

manomkt.com

like.vision

mortgagerefinancinginc.com

vulture-yachts.com

xn--hy1bu0vivd7pa.com

croghen.com

xlcsff2020.xyz

doricwilson.com

freisaq.com

innopre.com

newyorkbr.com

fnnanowesterncanada.com

onlinetourspty.com

player-wheels.net

bloomingtonphotography.com

manateetreeservices.com

organicpepperseeds.com

jpq.xyz

deservelevel.technology

my-emissions.com

aspenridgewyoming.com

winyourmillion.com

studentfreedomalliance.com

fatisfying.com

profitableonlinebusiness.site

fufumail.com

acuracollisioncertified.com

rabbicloud.com

dsgqhg.com

beeriderrebates.com

homesecurityfortpierce.com

luabreupersonalizados.com

fashioncentsconsignments.com

buckislandfarms.com

m6onthego.com

triciavogt.com

orgasmornothing.com

iwrfwe.com

testfixmybariatrics.com

Targets

- Target
  
  RFQ-450987643.doc
- Size
  
  1.5MB
- MD5
  
  d1e131610fac2e4923e4b41c143930c0
- SHA1
  
  b697187ded059e330e334e8959b500b2720b7498
- SHA256
  
  fe0ebbec69296e6fa9073104bb2f1448bdeeeb040511af7b3bad04fa529da38c
- SHA512
  
  b013702eb35285c77b950023b86e8f1a30648a7fbc7e3a89edb9bd3df17506cd33ba4f92f35998db637e7fc1a9b5d72a756957a21a825c202cc48e16ed0d4852
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy