formbook | edff50baf76f61fd72952a9b613757729994ef745773d7b7ad67f352c302873d | Triage

Submit
Reports

Overview

overview

Static

static

TT Slip.doc.rtf

windows7_x64

TT Slip.doc.rtf

windows10_x64

1

Sharing

General

Target

TT Slip.doc
Size

1.5MB
Sample

210119-2f8jsf1l4e
MD5

1346939d66aaba35fc0b1038500acb57
SHA1

069163a5437a681d36bd28db647a3e09cc3c843f
SHA256

edff50baf76f61fd72952a9b613757729994ef745773d7b7ad67f352c302873d
SHA512

aa2df1c8216dea9b33044f9b06c7239d61ce9cde3ffe2a6399c5b4c02ad5603bdc4418e3c2630509e7ef19d884a66153cbbb4051633226684d9b52a7a8fdf6ac

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TT Slip.doc.rtf

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT Slip.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.transparentpetcrate.com/lnb/

Decoy

sauschwein.info

ywpntv.com

gironbeautysalon.online

cryptogeekstuff.com

leosrock.com

sistersv.space

ilss.life

vshuzi.com

europeanculinarymagic.com

mdtlalab.com

boletasenorden.com

eebushe11.com

sms8888.com

arrogantjerxs.com

aboudmotors.com

vzuels.com

searko.com

thathealthysoul.com

365wt38493984284.com

solarpanelsystemflorida.com

testdummylab.com

1728025.com

vrpreservation.com

reinadelosfrikis.com

questionmaze.com

standingstoneevents.com

achraflaabassi.com

austinsubarusouth.com

africa-pif.com

the-hidden-places.com

boobieneckpillow.com

dvisionz.com

charlottescaife.com

shahedahtextiles.com

celebratewithlawilliams.com

sochobadlo.com

soccervest.com

hqyc04.com

lovepeacejoygratitude.com

pamsphils.com

miaportfolio.site

bednhomes.com

centellagoodyear.com

trubluau.com

geraheselouine.com

elkinart.com

next-setup-file.xyz

rashiratan.xyz

memotrace.com

groupdating.club

netflx-updt78f.com

ramonaestudiocreativo.com

giveawayconsumers.xyz

toponeswap.com

bestiephone.com

lifeharness.com

bikerleatherz.com

property-pleasant.website

thediamondbydoron.com

gamesredar.club

tiresgreat.info

actevate.xyz

drblowers.com

nasosd.com

Targets

- Target
  
  TT Slip.doc
- Size
  
  1.5MB
- MD5
  
  1346939d66aaba35fc0b1038500acb57
- SHA1
  
  069163a5437a681d36bd28db647a3e09cc3c843f
- SHA256
  
  edff50baf76f61fd72952a9b613757729994ef745773d7b7ad67f352c302873d
- SHA512
  
  aa2df1c8216dea9b33044f9b06c7239d61ce9cde3ffe2a6399c5b4c02ad5603bdc4418e3c2630509e7ef19d884a66153cbbb4051633226684d9b52a7a8fdf6ac
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy