formbook | ea6f660d6c4499c7a446ac3bfde1cd02bd74dfe9194fd16e5c876d5c38ff56ca | Triage

Submit
Reports

Overview

overview

Static

static

Evaluation...r.docx

windows7_x64

Evaluation...r.docx

windows10_x64

1

Sharing

General

Target

Evaluation quoter.docx
Size

10KB
Sample

210427-gvn4zn73zs
MD5

2c30e2c8829b2dce3aeebe20182b7be4
SHA1

9ce579b42d60563fcb85f6e2e9d7aa32a985d386
SHA256

ea6f660d6c4499c7a446ac3bfde1cd02bd74dfe9194fd16e5c876d5c38ff56ca
SHA512

a62f890137a55f5c38085272475028f6510ee3f2717a638861a94ef7d2d3c8b2c7511080413bd6ad804015139b0d77765000d75276f5b99a36ad8a0dd3df3581

Score

10^/10

formbook rat spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

Evaluation quoter.docx

Resource

win7v20210410

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Evaluation quoter.docx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

https://is.gd/EAkEcx

Extracted

Family

formbook

Version

4.1

C2

http://www.unclechef.website/pmc/

Decoy

poolbuilderhighlandpark.com

zgqcmrdswlw.com

rivalrepublic.net

vowseries.com

papmbeachcountymusic.com

unitedmarguisa.com

sparetimr.net

mmmfccynp.icu

blossom123.com

rkd6.com

luewhhedre.com

rwproducedeliveryknoxville.com

bqg5000.com

xn--jvrr98g37n88d.com

15slotozlo.site

experthairstylist.site

udalastar.com

avenstoredetailing.com

americanmicron.com

fineprintlaw.com

coolblue.digital

harfeakharkonkur.com

syinga-auto.com

tripmaker-japan.xyz

showtownapparel.com

daskonveyor.com

zibeicao.com

kirkvanpropertiesllc.info

sedekahbungkus.net

worldjpns.com

eagleswiftcourierservice.com

litbk.com

nextkineti.com

universallogisticvd.com

bowlesscottages.com

casey-key-real-estate.com

beamconcordlogistics.com

theaccountableteamscoach.com

cheikh-faye.com

adbhutrahsya.com

t-vcb.com

brikissell.com

organizingbypaty.com

zuisyoraku.com

inspiredpractice.net

nickstradi.pro

nelivo.com

expedientedurango.com

kasrax.com

thebespokelaboratory.com

riverwayfarm.com

adecquo.com

avizory.com

awaywegoo.com

mohamedsaad.net

abbbbha13.art

plazafaro.com

thetechnicalgeeks.com

confiercollection.com

msvpoa.com

centreatmillenniumpark.com

billboardnext.tech

sanfranciscoliving.info

cybernacle.website

Targets

- Target
  
  Evaluation quoter.docx
- Size
  
  10KB
- MD5
  
  2c30e2c8829b2dce3aeebe20182b7be4
- SHA1
  
  9ce579b42d60563fcb85f6e2e9d7aa32a985d386
- SHA256
  
  ea6f660d6c4499c7a446ac3bfde1cd02bd74dfe9194fd16e5c876d5c38ff56ca
- SHA512
  
  a62f890137a55f5c38085272475028f6510ee3f2717a638861a94ef7d2d3c8b2c7511080413bd6ad804015139b0d77765000d75276f5b99a36ad8a0dd3df3581
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy