Overview

overview

10

Static

static

8

PO202107.xls

windows7_x64

10

PO202107.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO202107.xls

  • Size

    23KB

  • Sample

    210719-rr8qgrw2xx

  • MD5

    c9123fe2a9ea247a974641a32940335b

  • SHA1

    13c5be04c9afceb11892f27767d7bc45c33b4b9c

  • SHA256

    bf19534d31541387c22c69963c679114bac4315d83e1dd3dc7b775b7dd377658

  • SHA512

    a87babeac9c10faa19d638b7f02551eeab7f17b2f482bdf1a797d616b52995b5e326758a32d7a1418baab596ff1dfecf142dcd1ab8ca6cd8386c863f8984ba0c

Score
10/10
formbookmacromacro_on_actionratspywarestealertrojanxlm

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.tiktokblueprints.com/ea9e/

Decoy

yoga-fertilite.com

zcltlfsh.icu

aberdareroyalcottages.com

kawaiibobateahouse.com

311gang.com

coastalbreezecreations.com

globosimpresoss.com

ignitioniq.com

5gplaystation.com

marketopiniononline.com

martinstantondesigns.com

ksdhxtkpup4.net

findconscious.com

pure-tab.com

orderanthonysofskippack.com

findingthecurve.com

e-devletim.com

prosystemwebsite.com

travelbroom.com

sharpopinion.com

Targets

    • Target

      PO202107.xls

    • Size

      23KB

    • MD5

      c9123fe2a9ea247a974641a32940335b

    • SHA1

      13c5be04c9afceb11892f27767d7bc45c33b4b9c

    • SHA256

      bf19534d31541387c22c69963c679114bac4315d83e1dd3dc7b775b7dd377658

    • SHA512

      a87babeac9c10faa19d638b7f02551eeab7f17b2f482bdf1a797d616b52995b5e326758a32d7a1418baab596ff1dfecf142dcd1ab8ca6cd8386c863f8984ba0c

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks