formbook | 7312e4d88a96b1c5cfda9a0edefd206400aff65cdb05ac599ed7adcf8bf166f9 | Triage

Submit
Reports

Overview

overview

Static

static

Request for Quote.doc

windows7_x64

Request for Quote.doc

windows10_x64

1

Sharing

General

Target

Request for Quote.doc
Size

284KB
Sample

211012-tmx2nacehr
MD5

13b0f950e6053f758330793454df0d1e
SHA1

8a8421007b2af55e8381a5625a3e5f07794ad8b0
SHA256

7312e4d88a96b1c5cfda9a0edefd206400aff65cdb05ac599ed7adcf8bf166f9
SHA512

f10fae86cd3a901eb9b8ac2e3bcab42db10e8202c2aa78716102389645d451d7f011c4c06e4b56639455027ba9ac38a4bd684e1fd8ecfb5ee7508b29a4a438cf

Score

10^/10

formbook mxwf rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request for Quote.doc

Resource

win7-en-20210920

formbook mxwf rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Request for Quote.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mxwf

C2

http://www.zahnimplantatangebotede.com/mxwf/

Decoy

orders-cialis.info

auctionorbuy.com

meanmugsamore.com

yachtcrewmark.com

sacredkashilifestudio.net

themintyard.com

bragafoods.com

sierp.com

hausofdeme.com

anthonyjames915.com

bajardepesoencasa.com

marciaroyal.com

earringlifter.com

dsdjfhd9ddksa1as.info

bmzproekt.com

employmentbc.com

ptsdtreatment.space

vrchance.com

cnrongding.com

welovelit.com

intercourierdelivery.services

ianwhitewrite.com

afcerd.com

beneficiodemedicare.com

gatel3ess.com

salesnksportswt.top

thewellnessloft365.com

totensa.com

jessicatheisen.com

snowtographers.com

executrainpr.com

puttypaw.com

popcorntimeipad.com

heyconi.com

llanoresources.com

ibusinesshero.com

1euro1ad.com

sparkleeapp.com

zhuxiugyh.com

calvinmaphoto.com

bjmaomao.com

isaacfujiki.com

zipwhipper.com

kontrollstutzen.com

hannaheason.media

zgcbw.net

letteringdagabi.com

kitefabrics.com

andherieastoffices.com

thewellnesstravelcompany.info

ohio.works

beacharita.com

alphamillls.com

sassandvinegar.com

usauber.com

ceylonherbslk.com

richardggreenhill.com

groupdae.com

jupiterccc.com

indoovo.com

sunnytheodora.com

gxpgfz.com

shoppandaxpress.com

heiboard.com

Targets

- Target
  
  Request for Quote.doc
- Size
  
  284KB
- MD5
  
  13b0f950e6053f758330793454df0d1e
- SHA1
  
  8a8421007b2af55e8381a5625a3e5f07794ad8b0
- SHA256
  
  7312e4d88a96b1c5cfda9a0edefd206400aff65cdb05ac599ed7adcf8bf166f9
- SHA512
  
  f10fae86cd3a901eb9b8ac2e3bcab42db10e8202c2aa78716102389645d451d7f011c4c06e4b56639455027ba9ac38a4bd684e1fd8ecfb5ee7508b29a4a438cf
Score

10^/10

formbook mxwf rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookmxwfratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy