formbook | 3687f2ed161b33f5c9dba06ac1bc784f15a83c353a594d2cf9724bcb6f9c56ff | Triage

Submit
Reports

Overview

overview

Static

static

Req No. 18...oc.rtf

windows7_x64

Req No. 18...oc.rtf

windows10_x64

1

Sharing

General

Target

Req No. 1807164 LP21.doc
Size

1.5MB
Sample

210118-dy5j2nxyq6
MD5

33ce04c3aaff4168b756498f34429eaf
SHA1

8d2526c297d691bf04cc1a3b3add8e2303841cdf
SHA256

3687f2ed161b33f5c9dba06ac1bc784f15a83c353a594d2cf9724bcb6f9c56ff
SHA512

3c641ddd9bdfff484f621d97fb7c4e1196f51cb7e5a0b81b2671351d5511909b811c0b8ac1aefec7180b215280afba889f5c2d7cedb4ecf214b5276d9289dcc7

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Req No. 1807164 LP21.doc.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Req No. 1807164 LP21.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.raleighblacknursesrock.com/sly/

Decoy

nature-nectar.com

lavenderbunch.com

itsguapo.com

silabrenda.digital

madelynmason.com

uslawyer911.com

sumarjewelry.com

therefundexperts.com

smartunity.community

jamesdalby.com

7697vip3.com

bytethug.com

f22.info

positivechargerecycling.com

srimps.net

conversica.partners

chezmireillestore.com

ukiyoservices.com

catsdungeon.com

svactionwmdp7955.com

petnosis.com

dorealgood.vote

meganpeasley.com

southafricanbands.com

donatecbb.com

coinlocaly.com

sharbay.net

nehyam.com

niviholdings.com

baielinda.com

secserve.email

primefoodny.com

coppermachines.com

shionoriginal.com

customtiletables.com

carlsondellosa.com

studiofalaise.com

mdtilenh.com

cpointsolutions.com

iteacherpreneur.com

southerngp.com

hf-te27g5.net

laligaproplayer.com

spreadwordsnotcovid.com

propertysolutionspecialist.com

instore.express

livelinecoffee.com

transfigurethis.com

sabeelfund.com

suntour-nb.com

eatonvancewateroakadvisers.info

kakavjesajt.com

zillion-ch.com

indiancoderclub.com

gymlessbakery.com

bclub.info

atqkhmlqi.icu

gatele3s.com

smb-cybersecurity-services.com

pssjzz.com

miniteco.com

yowoit.com

analytics-ocean.com

shivamshield.com

Targets

- Target
  
  Req No. 1807164 LP21.doc
- Size
  
  1.5MB
- MD5
  
  33ce04c3aaff4168b756498f34429eaf
- SHA1
  
  8d2526c297d691bf04cc1a3b3add8e2303841cdf
- SHA256
  
  3687f2ed161b33f5c9dba06ac1bc784f15a83c353a594d2cf9724bcb6f9c56ff
- SHA512
  
  3c641ddd9bdfff484f621d97fb7c4e1196f51cb7e5a0b81b2671351d5511909b811c0b8ac1aefec7180b215280afba889f5c2d7cedb4ecf214b5276d9289dcc7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy