formbook | 7cb3ffa44654db626e5eaec3cf679ac8c4c033db7103fff7da4e8ccb4aacf797 | Triage

Sharing

General

Target

HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
Size

1.2MB
Sample

210727-whqy4z12ta
MD5

7c5f2178cbddc544639af018ee27181b
SHA1

b587c5fe244c025ea92e8ec1e112da5a1d151084
SHA256

7cb3ffa44654db626e5eaec3cf679ac8c4c033db7103fff7da4e8ccb4aacf797
SHA512

69174a968a7920d5e258ef17b0f6a72000b9d074063a306e5642e1e3c05893e676382b3a6539f9e05151c6ce1718de19ab05580b03414f513fe90994570c1a84

Score

10^/10

formbook rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.surreal-myzrael.com/z7a/

Decoy

dotstories.xyz

egd-dz.com

caringhealthrecruit.com

transportdupont.com

teh-support.pro

catfad.com

pinewoodlakepool.net

pendekar-qq.info

duplicuty-garden.com

librtshop.com

stepmed.life

seatplusplus.com

bluzelle.money

weflew.xyz

bolaci.com

arrebatamentonews.com

sukesanblog.com

shadow-campaign.com

anpfiff.net

taste-of-poland.com

Targets

- Target
  
  HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
- Size
  
  1.2MB
- MD5
  
  7c5f2178cbddc544639af018ee27181b
- SHA1
  
  b587c5fe244c025ea92e8ec1e112da5a1d151084
- SHA256
  
  7cb3ffa44654db626e5eaec3cf679ac8c4c033db7103fff7da4e8ccb4aacf797
- SHA512
  
  69174a968a7920d5e258ef17b0f6a72000b9d074063a306e5642e1e3c05893e676382b3a6539f9e05151c6ce1718de19ab05580b03414f513fe90994570c1a84
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealersuricatatrojan

behavioral2