formbook | b5bcdc51fdaabc11a62e8401493b5fa24b6f4a350d597cc58a04cfc0dedefbfc | Triage

Sharing

General

Target

New Order.docx
Size

10KB
Sample

210722-f8ldwmlq7j
MD5

37440402e2f3bed12f391338cbd4fc12
SHA1

f28f9be236b1593f2f7da3ceb4b0478c96c7b0d0
SHA256

b5bcdc51fdaabc11a62e8401493b5fa24b6f4a350d597cc58a04cfc0dedefbfc
SHA512

468e045dcec4558ed25e25f0dae0fb99be55e300994ffc698e2cb6dfc0812c89d3a13a69e0fe0166d4f0a50891bcb1f65526122e8ae52b67056c937e25c7fa5a

Score

10^/10

formbook macos rat spyware stealer trojan websettings

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

https://hyp.ae/pGGoM

Extracted

Family

formbook

Version

4.1

C2

http://www.bookkeeping32.com/p6ai/

Decoy

ocfoundation.info

fullhouse01.com

a-great-lexus-rx.fyi

googlepayperclick.com

coachmyragolden.com

luxclothing.club

medicationbuddy.com

miraclepawsfoundation.com

datingforcez.online

wasteharvester.com

solslides.com

hotel-ritterhof.com

tianjinsf.com

receiveyourcashnow.com

the-vma.com

godrejroyalewoodsbangalore.com

erickrokanphotography.com

vasinvestments.com

janlago.com

2nocent.com

Targets

- Target
  
  New Order.docx
- Size
  
  10KB
- MD5
  
  37440402e2f3bed12f391338cbd4fc12
- SHA1
  
  f28f9be236b1593f2f7da3ceb4b0478c96c7b0d0
- SHA256
  
  b5bcdc51fdaabc11a62e8401493b5fa24b6f4a350d597cc58a04cfc0dedefbfc
- SHA512
  
  468e045dcec4558ed25e25f0dae0fb99be55e300994ffc698e2cb6dfc0812c89d3a13a69e0fe0166d4f0a50891bcb1f65526122e8ae52b67056c937e25c7fa5a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

behavioral3