Overview

overview

10

Static

static

PURCHASE ORDER.doc

windows7_x64

10

PURCHASE ORDER.doc

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PURCHASE ORDER.doc

  • Size

    22KB

  • Sample

    211011-zwyx7sabh5

  • MD5

    5168cb1584b1bdaa02c43349a1c50cb7

  • SHA1

    5fd015db6286e5ce59ab7d37afae4f921403945b

  • SHA256

    54c13afdad5b24209f1480db2f8243bb28e15aa0e6fb0d7b5df25422aafeaaac

  • SHA512

    46aeb2c31def2ba5f2a75182b93c40f4275df8984f402346e3fab52baab7f5563e572d2c273336c02cbe9b3fda0aadedde07cbd50d8112371a1fd7e2cee9266c

Score
10/10
formbooked9sratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ed9s

C2

http://www.vaughnmethod.com/ed9s/

Decoy

pocketoptioniraq.com

merabestsolutions.com

atelectronics.site

fuxueshi.net

infinitystay.com

forensicconcept.site

txpmachine.com

masterwhs.xyz

dia-gnwsis.art

fulltiltnodes.com

bigbnbbsc.com

formation-figma.com

bonanacroin.net

medicalmarijuanasatx.com

bagnavy.com

aaegiscares.net

presentationpublicschool.com

bestyousite.site

prescriptionn.com

beyondthenormbouquets.com

Targets

    • Target

      PURCHASE ORDER.doc

    • Size

      22KB

    • MD5

      5168cb1584b1bdaa02c43349a1c50cb7

    • SHA1

      5fd015db6286e5ce59ab7d37afae4f921403945b

    • SHA256

      54c13afdad5b24209f1480db2f8243bb28e15aa0e6fb0d7b5df25422aafeaaac

    • SHA512

      46aeb2c31def2ba5f2a75182b93c40f4275df8984f402346e3fab52baab7f5563e572d2c273336c02cbe9b3fda0aadedde07cbd50d8112371a1fd7e2cee9266c

    Score
    10/10
    formbooked9sratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks