formbook | b6a6ff003727e8fe59a6d10a4ea5fa4b066e15cd0ecba552c4d7d3d08da0d986 | Triage

Submit
Reports

Overview

overview

Static

static

Payment Swift.doc

windows7_x64

Payment Swift.doc

windows10_x64

1

Sharing

General

Target

Payment Swift.doc
Size

319KB
Sample

210510-kva8ampf7e
MD5

eaf353f50d090caa75e67f05393c8717
SHA1

9dcea91cea5313f75f69ad255fd919497d418904
SHA256

b6a6ff003727e8fe59a6d10a4ea5fa4b066e15cd0ecba552c4d7d3d08da0d986
SHA512

d035e065741109ace2e8f59abf5a5ab62d7fc94da64a7bd185c82f07c5bfadf364ed494c6fee6a2768ad243a6d393941ed799c24d40818b57bc28a8375e19931

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Swift.doc

Resource

win7v20210408

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Swift.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

milehighcitygames.com

sophieberiault.com

2020uselectionresult.com

instantpeindia.com

topgradetutors.net

esveb.com

rftjrsrv.net

raphacall.com

wangrenkai.com

programme-zeste.com

idtiam.com

cruzealmeidaarquitetura.com

hidbatteries.com

print12580.com

realmartagent.com

tpsmg.com

mamapacho.com

rednetmarketing.com

syuan.xyz

floryi.com

photograph-gallery.com

devarajantraders.com

amarak-uniform.com

20190606.com

retailhutbd.net

craftbrewllc.com

myfreezic.com

crystalwiththecrystalz.com

ghallagherstudent.com

britishretailawards.com

thegoldenwork.com

dineztheunique.com

singlelookin.com

siyuanshe.com

apgfinancing.com

slicktechgadgets.com

wellemade.com

samytango.com

centaurme.com

shuairui.net

styleket.com

wpcfences.com

opolclothing.com

localiser.site

Targets

- Target
  
  Payment Swift.doc
- Size
  
  319KB
- MD5
  
  eaf353f50d090caa75e67f05393c8717
- SHA1
  
  9dcea91cea5313f75f69ad255fd919497d418904
- SHA256
  
  b6a6ff003727e8fe59a6d10a4ea5fa4b066e15cd0ecba552c4d7d3d08da0d986
- SHA512
  
  d035e065741109ace2e8f59abf5a5ab62d7fc94da64a7bd185c82f07c5bfadf364ed494c6fee6a2768ad243a6d393941ed799c24d40818b57bc28a8375e19931
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy