formbook | c45b33aef7f1099da1d1bf669f1082b3cf4d3bbe9e79a98a254b861d264fb143 | Triage

Submit
Reports

Overview

overview

Static

static

Ordine di ...21.doc

windows7_x64

Ordine di ...21.doc

windows10_x64

1

Sharing

General

Target

Ordine di acquisto 200421.doc
Size

635KB
Sample

210421-27fxnjtjp2
MD5

2d7a434b986c29f53e6b78b2c13c6589
SHA1

34d24e17b76c7092ea363c408870f6d075d5b70b
SHA256

c45b33aef7f1099da1d1bf669f1082b3cf4d3bbe9e79a98a254b861d264fb143
SHA512

ddc46d7a4d0376b32e30d9601ee91b9bf9a45bb8021d47015dafa4d4254a7d6565bfa505511510eca7d31c08740d24066ae5d6c6d66df0e23d5de1172f81a346

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ordine di acquisto 200421.doc

Resource

win7v20210410

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ordine di acquisto 200421.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

milehighcitygames.com

sophieberiault.com

2020uselectionresult.com

instantpeindia.com

topgradetutors.net

esveb.com

rftjrsrv.net

raphacall.com

wangrenkai.com

programme-zeste.com

idtiam.com

cruzealmeidaarquitetura.com

hidbatteries.com

print12580.com

realmartagent.com

tpsmg.com

mamapacho.com

rednetmarketing.com

syuan.xyz

floryi.com

photograph-gallery.com

devarajantraders.com

amarak-uniform.com

20190606.com

retailhutbd.net

craftbrewllc.com

myfreezic.com

crystalwiththecrystalz.com

ghallagherstudent.com

britishretailawards.com

thegoldenwork.com

dineztheunique.com

singlelookin.com

siyuanshe.com

apgfinancing.com

slicktechgadgets.com

wellemade.com

samytango.com

centaurme.com

shuairui.net

styleket.com

wpcfences.com

opolclothing.com

localiser.site

Targets

- Target
  
  Ordine di acquisto 200421.doc
- Size
  
  635KB
- MD5
  
  2d7a434b986c29f53e6b78b2c13c6589
- SHA1
  
  34d24e17b76c7092ea363c408870f6d075d5b70b
- SHA256
  
  c45b33aef7f1099da1d1bf669f1082b3cf4d3bbe9e79a98a254b861d264fb143
- SHA512
  
  ddc46d7a4d0376b32e30d9601ee91b9bf9a45bb8021d47015dafa4d4254a7d6565bfa505511510eca7d31c08740d24066ae5d6c6d66df0e23d5de1172f81a346
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy