formbook | 0a07a25107fbbaede9d4fd47e306e666fd8694535e4ca6da79d7e33569efb52e | Triage

Submit
Reports

Overview

overview

Static

static

IMG_010357.doc

windows7_x64

IMG_010357.doc

windows10_x64

1

Sharing

General

Target

IMG_010357.doc
Size

784KB
Sample

210119-nd16tsf58e
MD5

802a08275e329d68836ba4d9afe7d9ab
SHA1

248f795f372cb4ed8ccd3385c976131e8b31598e
SHA256

0a07a25107fbbaede9d4fd47e306e666fd8694535e4ca6da79d7e33569efb52e
SHA512

4c81b299d081ee0ac28e0ac99989c0bbb7a20de3dc660a1f91ffd86ae785a3a98ce73a25c4f0ab304def3c514d3a893de82e71c05634ab874b51cd45f32b92ea

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IMG_010357.doc

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_010357.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.vitajwb.com/irux/

Decoy

heteltht.com

transbordaquemultiplica.com

ispartakulecleaner.com

woodcutter.website

gy88api8888.com

forsagemagic.com

greenqobbler.com

piligame.com

pcbet333.com

superpuzzlegames.com

jameslearyrealestate.com

acmarketinghacks.com

world-travel.xyz

sprayfoampocatello.com

anshangbao.com

qacpilotacademy.com

aodaicali.com

aarusystems.com

potion-designs.com

bajaenvocho.com

ourwfh.com

upliftfurnitureconcepts.com

almurasilnews.com

thestillmancowboyhats.com

blessedparfum.com

brandceowd.com

dekenchar.com

leaseplein.com

riverandrailga.com

smartbandbtraders.com

www-instagramhelpcenter.com

maneinstinct.com

jennifer-jones.com

exonmobilerewardsplua.com

westgateoptometry.net

cornelldevelopment.com

grhkj.com

authenicblackculture.com

feriavirtualdelibros.com

mountresonant.life

shopcelebratory.com

juliaaiz.art

fiveminutefixers.net

limonseltzer.com

skinsworldtrade.com

xn--vhqqb70qmrhwmvnh0e.xyz

rangers3.xyz

meixia.space

xn----7sbncclroqxy.xn--p1acf

cindybakerdesigns.com

ccheapvrshop.com

ymoac.com

well-being.international

ymdycrea.net

bowlboo.com

marikajboutique.com

ckhomecare.com

meimingvip.com

dwicans-8.info

downtoearthdiner.com

nantoeas.club

mugephoto.com

bestey.com

opinnovatesmx.com

Targets

- Target
  
  IMG_010357.doc
- Size
  
  784KB
- MD5
  
  802a08275e329d68836ba4d9afe7d9ab
- SHA1
  
  248f795f372cb4ed8ccd3385c976131e8b31598e
- SHA256
  
  0a07a25107fbbaede9d4fd47e306e666fd8694535e4ca6da79d7e33569efb52e
- SHA512
  
  4c81b299d081ee0ac28e0ac99989c0bbb7a20de3dc660a1f91ffd86ae785a3a98ce73a25c4f0ab304def3c514d3a893de82e71c05634ab874b51cd45f32b92ea
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy