formbook | 0ed349a732a4c26e6d9fd8d7311239bf86dc676a77ea6fe73c58a676373814a0 | Triage

Submit
Reports

Overview

overview

Static

static

Ordine di ...68.doc

windows7_x64

Ordine di ...68.doc

windows10_x64

1

Sharing

General

Target

Ordine di acquisto GM004868.doc
Size

572KB
Sample

210420-6qp2sqdlc2
MD5

8e76e36ecd9c1cf7815a895060b1faf8
SHA1

808b8c09768912bd4305904d4919489c98b75ed0
SHA256

0ed349a732a4c26e6d9fd8d7311239bf86dc676a77ea6fe73c58a676373814a0
SHA512

d7348b89c470dfad0a44b5f44c50760eb835f9bec3d865a79ff1c60e0723f7aadc3c3341819b554833cd7a3b9d8429e691c6458b232a8f698e05bc83d8f46eed

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ordine di acquisto GM004868.doc

Resource

win7v20210408

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ordine di acquisto GM004868.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

milehighcitygames.com

sophieberiault.com

2020uselectionresult.com

instantpeindia.com

topgradetutors.net

esveb.com

rftjrsrv.net

raphacall.com

wangrenkai.com

programme-zeste.com

idtiam.com

cruzealmeidaarquitetura.com

hidbatteries.com

print12580.com

realmartagent.com

tpsmg.com

mamapacho.com

rednetmarketing.com

syuan.xyz

floryi.com

photograph-gallery.com

devarajantraders.com

amarak-uniform.com

20190606.com

retailhutbd.net

craftbrewllc.com

myfreezic.com

crystalwiththecrystalz.com

ghallagherstudent.com

britishretailawards.com

thegoldenwork.com

dineztheunique.com

singlelookin.com

siyuanshe.com

apgfinancing.com

slicktechgadgets.com

wellemade.com

samytango.com

centaurme.com

shuairui.net

styleket.com

wpcfences.com

opolclothing.com

localiser.site

Targets

- Target
  
  Ordine di acquisto GM004868.doc
- Size
  
  572KB
- MD5
  
  8e76e36ecd9c1cf7815a895060b1faf8
- SHA1
  
  808b8c09768912bd4305904d4919489c98b75ed0
- SHA256
  
  0ed349a732a4c26e6d9fd8d7311239bf86dc676a77ea6fe73c58a676373814a0
- SHA512
  
  d7348b89c470dfad0a44b5f44c50760eb835f9bec3d865a79ff1c60e0723f7aadc3c3341819b554833cd7a3b9d8429e691c6458b232a8f698e05bc83d8f46eed
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy