formbook | e9c14d81bef016087ae43bdb90b0ad87fad97c711b8972a06742480b6f2e94cf | Triage

Sharing

General

Target

Danam Inquiry List 002100706544.docx
Size

10KB
Sample

210607-qsmc1yfkvj
MD5

ce3c47a32607544859c503e2a404a841
SHA1

fc824648b8128adc8cf8dd819412ee2f547a823b
SHA256

e9c14d81bef016087ae43bdb90b0ad87fad97c711b8972a06742480b6f2e94cf
SHA512

130534e947ff234e0888042ae4526aa08ab542622ee6050eea6f8d2c7723c1bc127910fca62b9b1f34f3ba9f2145f8606fbf1a26619c35d0878837aa5f7b9d22

Score

10^/10

formbook rat spyware stealer trojan websettings

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://172.245.119.81/.----------------------.------------------------------.-/v.wbk

Extracted

Family

formbook

Version

4.1

C2

http://www.mpaiji.com/c244/

Decoy

ssgasija.com

procyoon.com

mood-street-food.com

yeglifeview.com

baoyai.com

sundarsheni.com

notoli.photography

sweetape.com

ergas.group

asyrill.com

jin188v.com

stlazarushospitalnola.com

dohertyfamily5.com

duniaclubs.club

ngobryles.com

scottsavocasalon.com

unifiui.com

baileyfred.com

nabiagency.com

alyssaternanphotography.com

Targets

- Target
  
  Danam Inquiry List 002100706544.docx
- Size
  
  10KB
- MD5
  
  ce3c47a32607544859c503e2a404a841
- SHA1
  
  fc824648b8128adc8cf8dd819412ee2f547a823b
- SHA256
  
  e9c14d81bef016087ae43bdb90b0ad87fad97c711b8972a06742480b6f2e94cf
- SHA512
  
  130534e947ff234e0888042ae4526aa08ab542622ee6050eea6f8d2c7723c1bc127910fca62b9b1f34f3ba9f2145f8606fbf1a26619c35d0878837aa5f7b9d22
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2