formbook

General

Target

PO5324DZ.xls
Size

23KB
Sample

210707-2q7mtn9y96
MD5

eda1c8dc942d56f20c214fd832fe035c
SHA1

b7f6558b27519fdc566d9a18022eeb1da1b5537c
SHA256

7d1ae87aa9c4905b7ae19cbcc3723231b15c62426ef771358b476ce136fcf1c7
SHA512

cad4b620021cdb0ca0faa00a3134d70672c5c4448cf8bc11fecf33912aaf86334c592f9f2598587b79106a790867dab63fc4a47036b832a4113cd30e92e7f5dc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.tiktokblueprints.com/ea9e/

Decoy

yoga-fertilite.com

zcltlfsh.icu

aberdareroyalcottages.com

kawaiibobateahouse.com

311gang.com

coastalbreezecreations.com

globosimpresoss.com

ignitioniq.com

5gplaystation.com

marketopiniononline.com

martinstantondesigns.com

ksdhxtkpup4.net

findconscious.com

pure-tab.com

orderanthonysofskippack.com

findingthecurve.com

e-devletim.com

prosystemwebsite.com

travelbroom.com

sharpopinion.com

Targets

- Target
  
  PO5324DZ.xls
- Size
  
  23KB
- MD5
  
  eda1c8dc942d56f20c214fd832fe035c
- SHA1
  
  b7f6558b27519fdc566d9a18022eeb1da1b5537c
- SHA256
  
  7d1ae87aa9c4905b7ae19cbcc3723231b15c62426ef771358b476ce136fcf1c7
- SHA512
  
  cad4b620021cdb0ca0faa00a3134d70672c5c4448cf8bc11fecf33912aaf86334c592f9f2598587b79106a790867dab63fc4a47036b832a4113cd30e92e7f5dc
Score

10^/10

formbook persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Modifies Installed Components in the registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2