formbook | 052c6dd23430c3cb18615febd286a20e4fbfdcaa66f45d00b0f8fa1d1e70d92b | Triage

Submit
Reports

Overview

overview

Static

static

Order No.4...oc.rtf

windows7_x64

Order No.4...oc.rtf

windows10_x64

1

Sharing

General

Target

Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc
Size

1.5MB
Sample

210118-sgl59xp1lj
MD5

6afa446a78ee1e4003e2419c4b3ff648
SHA1

d8ab568179d3dae50e76e7ff0aa6ecb18da84377
SHA256

052c6dd23430c3cb18615febd286a20e4fbfdcaa66f45d00b0f8fa1d1e70d92b
SHA512

73b0d69a4a134ced282db75f0de06c426db87620bbddf8f030bd2658efe3cc5adf392a5a9ab9a3900b6820010eed2f6c227d2dd9e78121781e7967f3e6443ee2

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.histasinsaat.com/lbn/

Decoy

sanfordrubenstein.net

snehamsolutions.com

sinteredfilter.net

cabinetbernat.com

misatani.com

buttlickhollow.com

alkhatalaswadcomputer.com

odiamonds.jewelry

persentage.club

shesthemanunited.com

boxstaging.com

thetwelvepercentstore.com

mlwgsjabberwock.com

sportscardhq.com

philadelphiaartgallery.com

globalgambling.com

czwykj.com

dizivadi.com

emmaluther.com

searko.com

enjoyingitaly.com

savage-playground.com

startupyoursuccess.com

gokulmedia.com

jbhelpme.com

paranormalchronicle.com

xn--15t807d6kdfva.site

dailyroo.com

xn--3iqa8101avze.com

figandoliveco.com

megami-trading.com

crafit-mie.com

spankwirew.com

restoretherainbow.com

traceyirie.com

miebookfavorito.com

solarsuriname.com

luxeandwhite.com

shuazuan58.com

engakc.com

kitabimigetir.com

chesterchan.com

smartwatchspacespeed.com

ncmbwz.com

bangandmash.com

noon-bay.com

worldthamizhacademylibrary.com

cosmeticosacessorios.com

crying-in-the-castle.com

luminarstudio.info

vacationlandinsurance.com

singleboardcomputerexpo.com

littlemagicmachines.com

mulyanatamateknik.com

thelifeofpepperpoetrylovers.com

westernjeweler.com

kratompodcast.com

akirabacklondon.com

diamondpowerwashes.com

kianna.net

caterfl.com

michaelurbowiczart.com

variationsinvarnish.com

weyersonline.com

Targets

- Target
  
  Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc
- Size
  
  1.5MB
- MD5
  
  6afa446a78ee1e4003e2419c4b3ff648
- SHA1
  
  d8ab568179d3dae50e76e7ff0aa6ecb18da84377
- SHA256
  
  052c6dd23430c3cb18615febd286a20e4fbfdcaa66f45d00b0f8fa1d1e70d92b
- SHA512
  
  73b0d69a4a134ced282db75f0de06c426db87620bbddf8f030bd2658efe3cc5adf392a5a9ab9a3900b6820010eed2f6c227d2dd9e78121781e7967f3e6443ee2
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy