formbook | af801e43101c06e3366d942715a8b10f90f12ec3437cab1b8a0cc3872101eebe | Triage

Submit
Reports

Overview

overview

Static

static

Payment Swift.doc

windows7_x64

Payment Swift.doc

windows10_x64

1

Sharing

General

Target

Payment Swift.doc
Size

376KB
Sample

210504-zbst85bt62
MD5

c8080fbfc825b01f11973566f1a3e589
SHA1

9aa04e64414bef6504b211615f7fcdbe84cd75df
SHA256

af801e43101c06e3366d942715a8b10f90f12ec3437cab1b8a0cc3872101eebe
SHA512

90775d8a921c9b094bbd1bb4bd20e11f997d70ad1f465fdfae6459cbb7e311116e434908caacf4b7844229d9835134180f549cd5d95e42a8305f98860fd23ce6

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Swift.doc

Resource

win7v20210408

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Swift.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

milehighcitygames.com

sophieberiault.com

2020uselectionresult.com

instantpeindia.com

topgradetutors.net

esveb.com

rftjrsrv.net

raphacall.com

wangrenkai.com

programme-zeste.com

idtiam.com

cruzealmeidaarquitetura.com

hidbatteries.com

print12580.com

realmartagent.com

tpsmg.com

mamapacho.com

rednetmarketing.com

syuan.xyz

floryi.com

photograph-gallery.com

devarajantraders.com

amarak-uniform.com

20190606.com

retailhutbd.net

craftbrewllc.com

myfreezic.com

crystalwiththecrystalz.com

ghallagherstudent.com

britishretailawards.com

thegoldenwork.com

dineztheunique.com

singlelookin.com

siyuanshe.com

apgfinancing.com

slicktechgadgets.com

wellemade.com

samytango.com

centaurme.com

shuairui.net

styleket.com

wpcfences.com

opolclothing.com

localiser.site

Targets

- Target
  
  Payment Swift.doc
- Size
  
  376KB
- MD5
  
  c8080fbfc825b01f11973566f1a3e589
- SHA1
  
  9aa04e64414bef6504b211615f7fcdbe84cd75df
- SHA256
  
  af801e43101c06e3366d942715a8b10f90f12ec3437cab1b8a0cc3872101eebe
- SHA512
  
  90775d8a921c9b094bbd1bb4bd20e11f997d70ad1f465fdfae6459cbb7e311116e434908caacf4b7844229d9835134180f549cd5d95e42a8305f98860fd23ce6
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy