formbook

General

Target

invoice.doc
Size

44KB
Sample

211019-j5626sfde7
MD5

f9a9e02d320ae1d2d6c2990a86c01775
SHA1

e57f3da7a482857d8815472b60ee488f165a1647
SHA256

e3a47b89d96d1648c524e522239827897194653cb32d8b547a0cc301cf254cb2
SHA512

97d1a3ffa4152496f95aedf91e05fbd324519a6e8943353e3b6a701110dfc66f86bb38a4fa9b66af888d5363a058faa4cd97017c3aba8b9d6de7e4399914ea8f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mxwf

C2

http://www.zahnimplantatangebotede.com/mxwf/

Decoy

orders-cialis.info

auctionorbuy.com

meanmugsamore.com

yachtcrewmark.com

sacredkashilifestudio.net

themintyard.com

bragafoods.com

sierp.com

hausofdeme.com

anthonyjames915.com

bajardepesoencasa.com

marciaroyal.com

earringlifter.com

dsdjfhd9ddksa1as.info

bmzproekt.com

employmentbc.com

ptsdtreatment.space

vrchance.com

cnrongding.com

welovelit.com

Targets

- Target
  
  invoice.doc
- Size
  
  44KB
- MD5
  
  f9a9e02d320ae1d2d6c2990a86c01775
- SHA1
  
  e57f3da7a482857d8815472b60ee488f165a1647
- SHA256
  
  e3a47b89d96d1648c524e522239827897194653cb32d8b547a0cc301cf254cb2
- SHA512
  
  97d1a3ffa4152496f95aedf91e05fbd324519a6e8943353e3b6a701110dfc66f86bb38a4fa9b66af888d5363a058faa4cd97017c3aba8b9d6de7e4399914ea8f
Score

10^/10

formbook mxwf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2