formbook | 8211e35c2df7cabc2715727576f75621a9640fe9f379564558a1c4298495f62e | Triage

Submit
Reports

Overview

overview

Static

static

ORDER 19202111.doc

windows7_x64

ORDER 19202111.doc

windows10_x64

1

Sharing

General

Target

ORDER 19202111.doc
Size

17KB
Sample

211119-hftj4shdek
MD5

e4ce95f03ab27b0d13b9072d1b0c2137
SHA1

8d69aba029dd8cd5d81e1b66c2924fc52faf0880
SHA256

8211e35c2df7cabc2715727576f75621a9640fe9f379564558a1c4298495f62e
SHA512

d9f57c3b63fa41d4e805b87ec38844a1f7d20c51f2e3bdefd119d19f34b8f7b0e7b7a94d32d039b0d88414c9329151c748878d67e1adedd91383d62c102d8470

Score

10^/10

formbook ob7y rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

ORDER 19202111.doc

Resource

win7-en-20211014

formbook ob7y rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER 19202111.doc

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

ladydunyasi.com

oeooaoio.xyz

ifarh.com

geovaluablehack.com

heatherwoodrealestate.com

788027.com

groweth2gloweth.com

corryandbee.com

chatech.community

defholdingsus.com

gymandsports213.sbs

safaknet.com

rnisk.store

yhsps.com

taxlawyeral.com

liberiathelandofreturn.net

beniclothingstore.com

onecashadvance.com

metawhatsapp.delivery

chseovx.xyz

fiftyix.com

ambassadorbed.com

doktorhelp.com

memoryck.com

ceto21.com

zomerubo.rest

tyoutrannyvidep.com

3cbzfhhx5.com

cryleo.com

thebigass.online

ofd-trade-sender.com

elchinazizov.com

shakilimam.com

soporhojecast.com

reyestacosrestaurant.com

supdeszka.com

kredit-option.com

sharonallenart.com

destockage-international.com

immediate-edge-pl.xyz

jmsjszc.com

mojuwangluo.com

tr4ders.com

zilingodigitize.com

Targets

- Target
  
  ORDER 19202111.doc
- Size
  
  17KB
- MD5
  
  e4ce95f03ab27b0d13b9072d1b0c2137
- SHA1
  
  8d69aba029dd8cd5d81e1b66c2924fc52faf0880
- SHA256
  
  8211e35c2df7cabc2715727576f75621a9640fe9f379564558a1c4298495f62e
- SHA512
  
  d9f57c3b63fa41d4e805b87ec38844a1f7d20c51f2e3bdefd119d19f34b8f7b0e7b7a94d32d039b0d88414c9329151c748878d67e1adedd91383d62c102d8470
Score

10^/10

formbook ob7y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookob7yratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy