formbook | 37d7aa935abf410814d084177c16b5a7a6353e18ef72749187bd1b5bb343da9d | Triage

Submit
Reports

Overview

overview

Static

static

Inquiry 05042021.doc

windows7_x64

Inquiry 05042021.doc

windows10_x64

1

Sharing

General

Target

Inquiry 05042021.doc
Size

374KB
Sample

210503-pjh6fx4csj
MD5

e9260ff7bb6e35d8fa72e725c017b6bd
SHA1

78f98dfacba3e97edc359934ed96733c28ae9ecb
SHA256

37d7aa935abf410814d084177c16b5a7a6353e18ef72749187bd1b5bb343da9d
SHA512

08c3fc0e6f6b7d3e6d3a811ec3e31b749acd3c7f125a98030ba3672e12f4b1a51f018b9290172a8ab6aece9529844e40625c2184de326120213b786f6541655a

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Inquiry 05042021.doc

Resource

win7v20210410

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Inquiry 05042021.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

milehighcitygames.com

sophieberiault.com

2020uselectionresult.com

instantpeindia.com

topgradetutors.net

esveb.com

rftjrsrv.net

raphacall.com

wangrenkai.com

programme-zeste.com

idtiam.com

cruzealmeidaarquitetura.com

hidbatteries.com

print12580.com

realmartagent.com

tpsmg.com

mamapacho.com

rednetmarketing.com

syuan.xyz

floryi.com

photograph-gallery.com

devarajantraders.com

amarak-uniform.com

20190606.com

retailhutbd.net

craftbrewllc.com

myfreezic.com

crystalwiththecrystalz.com

ghallagherstudent.com

britishretailawards.com

thegoldenwork.com

dineztheunique.com

singlelookin.com

siyuanshe.com

apgfinancing.com

slicktechgadgets.com

wellemade.com

samytango.com

centaurme.com

shuairui.net

styleket.com

wpcfences.com

opolclothing.com

localiser.site

Targets

- Target
  
  Inquiry 05042021.doc
- Size
  
  374KB
- MD5
  
  e9260ff7bb6e35d8fa72e725c017b6bd
- SHA1
  
  78f98dfacba3e97edc359934ed96733c28ae9ecb
- SHA256
  
  37d7aa935abf410814d084177c16b5a7a6353e18ef72749187bd1b5bb343da9d
- SHA512
  
  08c3fc0e6f6b7d3e6d3a811ec3e31b749acd3c7f125a98030ba3672e12f4b1a51f018b9290172a8ab6aece9529844e40625c2184de326120213b786f6541655a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy