formbook | ef25940acecd4fd916e53386f63b8fb69102f2f13e2b7b9e89f64775da9afa08 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ TK011821.doc.rtf

windows7_x64

RFQ TK011821.doc.rtf

windows10_x64

1

Sharing

General

Target

RFQ TK011821.doc
Size

1.5MB
Sample

210118-vfrg1lqbc2
MD5

ec733578c8fccf0e3930ddcb2b337228
SHA1

df8b20801a5ee07f8de71679bb434c94858b0f9e
SHA256

ef25940acecd4fd916e53386f63b8fb69102f2f13e2b7b9e89f64775da9afa08
SHA512

2af97e61aa4b3efbf1e1027f7a937130bf2e31ef21f123beff209dd72a0adbad3d1da6e8244e5ffffc3838c3439d4aa2492498866b4a5d9ba87cfd4d1cda3a59

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ TK011821.doc.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ TK011821.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.sob.xyz/p7v/

Decoy

angelksuperstar.com

yuchujiaoyu.com

beachmister.com

thebetterleadsacademy.com

maskednun.com

supermarsds.com

cutecvv.com

farmacycharcuterie.com

all-blacknyc.com

supremenursery.com

rcadefurniture.com

efreshlaser.com

quincyit.net

yasalexis1234.com

coachpayment.com

mustgift.com

kolakosaat.xyz

soltecmaredm.info

682n.com

trecommunications.com

yourdailybazar.com

allwebcamsex.com

thyhandywoman.com

arescsg.com

holisticskincarebyjanine.com

shotgun-life.net

qwemalls.com

santantoniabatcanals.com

bhmioxe.icu

webselfs.com

tryhotgirls.com

findmyiphone.services

kilanohitched.com

cbdwithcare.com

katysans.com

seem-elsewhere.info

lashprotool.com

nehyam.com

fnpleveledbooks.com

xn--maison-tmoin-ieb.com

farmacyrussia.com

wnlsgame.com

ortharizona.com

medizinazakon.online

salski.cymru

spidermanskateboards.com

stirsoda.com

kroeget.com

mytherapies.net

wealthforyounow.net

jeveuxreussirmavie.com

babllon.com

brevardcountyfl.com

920happfielddr.info

catalizresearch.com

acid-gaming.net

worldcar-sales.com

buckhead-meat.com

quomic.com

blogkatalog.com

hyfinery.com

ebnfnleoba.club

movecbus.com

globalvantop.com

Targets

- Target
  
  RFQ TK011821.doc
- Size
  
  1.5MB
- MD5
  
  ec733578c8fccf0e3930ddcb2b337228
- SHA1
  
  df8b20801a5ee07f8de71679bb434c94858b0f9e
- SHA256
  
  ef25940acecd4fd916e53386f63b8fb69102f2f13e2b7b9e89f64775da9afa08
- SHA512
  
  2af97e61aa4b3efbf1e1027f7a937130bf2e31ef21f123beff209dd72a0adbad3d1da6e8244e5ffffc3838c3439d4aa2492498866b4a5d9ba87cfd4d1cda3a59
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy