Overview

overview

10

Static

static

FLQ_100057...1.xlsx

windows7_x64

10

FLQ_100057...1.xlsx

windows10_x64

1

FLQ_100057...1.xlsx

macos_amd64

1

Resubmissions

22-07-2021 06:06

210722-feaj9jach6 10

22-07-2021 06:01

210722-rrxh2tgxe2 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FLQ_1000572_SPL_20210651.xlsx

  • Size

    8KB

  • Sample

    210722-feaj9jach6

  • MD5

    2a4289f7642ddc32ef9019a538946f62

  • SHA1

    5d19318fbb1374b574cc576e97b456e383072808

  • SHA256

    ed405158bb992eb55f067abb06b0285451c71e3db6b6910096608180d0c89b71

  • SHA512

    e6fc202afa7167e1912f34430779b3a1e941229b8449e60b6690099b6656f346a888b89edd93d94d261ea5278026dd33ce03a3acf6e53d61cfe31a9de1fc4c1c

Score
10/10
formbookmacosratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.domoexpra.club/cg53/

Decoy

sugarlushcosmetic.com

a2net.info

ximakaya.com

thevochick.com

khafto.com

zsgpbgsbh.icu

psm-gen.com

jhxhotei.com

7991899.com

nda.today

fourseasonsvanlines.com

splediferous.info

thesqlgoth.com

newpathequine.com

advan.digital

skamanderboats.com

thejnit.com

pardusarms.net

mevasoluciones.com

biggdogg5n2.com

Targets

    • Target

      FLQ_1000572_SPL_20210651.xlsx

    • Size

      8KB

    • MD5

      2a4289f7642ddc32ef9019a538946f62

    • SHA1

      5d19318fbb1374b574cc576e97b456e383072808

    • SHA256

      ed405158bb992eb55f067abb06b0285451c71e3db6b6910096608180d0c89b71

    • SHA512

      e6fc202afa7167e1912f34430779b3a1e941229b8449e60b6690099b6656f346a888b89edd93d94d261ea5278026dd33ce03a3acf6e53d61cfe31a9de1fc4c1c

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks