Overview

overview

10

Static

static

QUOTE20212411.doc

windows7_x64

10

QUOTE20212411.doc

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTE20212411.doc

  • Size

    18KB

  • Sample

    211124-phsh6afgd9

  • MD5

    4163ac9be2d871d13f1377a286cd794f

  • SHA1

    7c5bb5ad98afb179dba2e8332e5154c7ec440121

  • SHA256

    d3cdf89cf7b7e951833872e37b9530717a444f419b35b3fc67d7d66a4bacf612

  • SHA512

    96fc5fce60cceb9153a5a08d755c6e1387f4068a690365c284585adab95fc02c43f2df0606ec3be5eca096a4032398ab342dabebcdd9a21e06e3db7e52a59d39

Score
10/10
formbookob7yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

    • Target

      QUOTE20212411.doc

    • Size

      18KB

    • MD5

      4163ac9be2d871d13f1377a286cd794f

    • SHA1

      7c5bb5ad98afb179dba2e8332e5154c7ec440121

    • SHA256

      d3cdf89cf7b7e951833872e37b9530717a444f419b35b3fc67d7d66a4bacf612

    • SHA512

      96fc5fce60cceb9153a5a08d755c6e1387f4068a690365c284585adab95fc02c43f2df0606ec3be5eca096a4032398ab342dabebcdd9a21e06e3db7e52a59d39

    Score
    10/10
    formbookob7yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks