General

  • Target

    PO 35572 FOR CONTRA 23.08.xlsx

  • Size

    229KB

  • Sample

    211116-r12wnaeca4

  • MD5

    c02cb6d0162d7043d2df46f5a0a1bd06

  • SHA1

    91aeddb13a1d4b64a3366f732d47539776d8f5a7

  • SHA256

    fe83f7473502fc6f19a45a7a244ff115e06be64044ece3897c32e07cc8351ae4

  • SHA512

    cf11801ef18c1a6f57e1fa5aec2559c966f0a7b5bccab37b36fd64c32c1e1ceb652e05b77360472f1ad0437b2f3b9dd96fe6620a11409924445559c3d4fe4a0a

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site
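The extracted config above is immediately usable for hunting: Formbook beacons to its decoy domains as well as to the live C2, so every domain in the list is an indicator, and the campaign id appears as the check-in path. The following Python is an added example, not part of the sandbox report. The campaign id, C2 URL and decoy domains are copied from the config on this page; the proxy log lines are constructed for illustration; and the check-in shape assumed here (a request to "/<campaign>/" on any configured domain, with an optional query string) is an assumption, not something the report states.

```python
"""Match proxy-log URLs against the Formbook config extracted above.

Added example, not code from the sandbox report. Campaign id, C2 URL and
decoy domains are taken from the report; the log lines are constructed;
the "/<campaign>/" check-in path is an assumption made here.
"""
from urllib.parse import urlsplit

# Values taken from the extracted config on this page.
CAMPAIGN = "9gr5"
C2_URL = "http://www.cuteprofessionalscrubs.com/9gr5/"
DECOYS = [
    "newleafcosmetix.com", "richermanscastle.com", "ru-remonton.com",
    "2diandongche.com", "federaldados.design", "jeffreycookweb.com",
    "facecs.online", "xmeclarn.xyz", "olgasmith.xyz", "sneakersonlinesale.com",
    "playboyshiba.com", "angelamiglioli.com", "diitaldefynd.com",
    "whenevergames.com", "mtheartcustom.com", "vitalactivesupply.com",
    "twistblogr.com", "xn--i8s140at3d6u7c.tel", "baudelaireelhakim.com",
    "real-estate-miami-searcher.site",
]


def normalize_host(host):
    """Lower-case a hostname and drop a leading 'www.' label.

    The config lists bare registrable domains, so this is enough to compare
    against it; it is deliberately not a public-suffix-aware eTLD+1."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlsplit(C2_URL).hostname)


def ioc_domains():
    """Every domain the sample may contact: the live C2 plus the decoys.

    Formbook beacons to the decoys too, so a client reaching any of them is
    an infection signal even though only one host receives real data."""
    return {C2_HOST} | {normalize_host(d) for d in DECOYS}


def classify(url):
    """Classify one observed URL as 'c2', 'decoy', 'campaign-path' or None."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname)
    # Assumed check-in shape: "/<campaign>/" with an optional query string.
    on_campaign_path = parts.path.rstrip("/") == "/" + CAMPAIGN
    if host == C2_HOST:
        return "c2"
    if host in ioc_domains():
        return "decoy"
    if on_campaign_path:
        # Same campaign id on a host outside the extracted list: worth triage
        # rather than a confident verdict.
        return "campaign-path"
    return None


# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2021-11-16T08:01:02Z 10.0.0.15 GET http://www.cuteprofessionalscrubs.com/9gr5/?b1=abc 200
2021-11-16T08:01:05Z 10.0.0.15 POST http://www.newleafcosmetix.com/9gr5/ 404
2021-11-16T08:01:09Z 10.0.0.22 GET http://example.com/index.html 200
2021-11-16T08:02:11Z 10.0.0.15 GET http://rotated-host.invalid/9gr5/?b1=abc 200
"""


def scan_log(text):
    """Return (client, verdict, url) for every line whose URL matches an IOC."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict, url))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{client:<10} {verdict:<14} {url}")
```

Decoy contacts often return 404 or an unrelated page, as in the second constructed line; the verdict is driven by the host list, not the response, because the point of the decoys is that the traffic to them looks harmless.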

Targets

    • Target

      PO 35572 FOR CONTRA 23.08.xlsx


    • Formbook

      Formbook is an information-stealing malware family. It injects into user processes and hooks them to capture keystrokes, clipboard contents, saved credentials and submitted web-form data, and exfiltrates what it collects to its C2.

    • Formbook Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                          ID      Hits
  Execution         Scripting                          T1064   1
  Execution         Exploitation for Client Execution  T1203   1
  Defense Evasion   Scripting                          T1064   1
  Defense Evasion   Modify Registry                    T1112   1
  Discovery         Query Registry                     T1012   2
  Discovery         System Information Discovery       T1082   2

The mapping uses ATT&CK v6 identifiers; T1064 (Scripting) has since been deprecated and folded into T1059 (Command and Scripting Interpreter) in current ATT&CK releases.
