Overview

overview

10

Static

static

PO-20212222.doc

windows7_x64

10

PO-20212222.doc

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-20212222.doc

  • Size

    16KB

  • Sample

    211123-dera5scch7

  • MD5

    66335be4bd27323b18d8a32e151f6b5d

  • SHA1

    0e71ed1acb7cd7d1328cb3ddf7a3640082001710

  • SHA256

    7d9353470f1226a0cebac4364de36ebe88677e3b46755eb09732b24fc3aace89

  • SHA512

    aa9ab4e7ee6c4aa47b3f8a91abc675869d2718d3f38fc2b4b3e9ff9c70c45e5ff6301bc926cf78fd1d52dc2548a6ca8d9748665ff6554a3aa36c4621e5ef7dc5

Score
10/10
formbookob7yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

    • Target

      PO-20212222.doc

    • Size

      16KB

    • MD5

      66335be4bd27323b18d8a32e151f6b5d

    • SHA1

      0e71ed1acb7cd7d1328cb3ddf7a3640082001710

    • SHA256

      7d9353470f1226a0cebac4364de36ebe88677e3b46755eb09732b24fc3aace89

    • SHA512

      aa9ab4e7ee6c4aa47b3f8a91abc675869d2718d3f38fc2b4b3e9ff9c70c45e5ff6301bc926cf78fd1d52dc2548a6ca8d9748665ff6554a3aa36c4621e5ef7dc5

    Score
    10/10
    formbookob7yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks