formbook | 46fc6bd623a690f8b431b110bf5a0a1e030897c6d0f8945a9fb31e407a542d1f | Triage

Submit
Reports

Overview

overview

Static

static

PROFORMA INVOICE.xlsx

windows7_x64

PROFORMA INVOICE.xlsx

windows10_x64

1

Sharing

General

Target

PROFORMA INVOICE.xlsx
Size

228KB
Sample

211124-wdgdnadchm
MD5

0193aca82acbba4004353cc61a526cfd
SHA1

27b9f7396ac1ac67e5215b6e046e070eceb13313
SHA256

46fc6bd623a690f8b431b110bf5a0a1e030897c6d0f8945a9fb31e407a542d1f
SHA512

f6459401a6a49080265e9277a6e7481df1cd2b2c67b3563ad83aaa9caf3b0b4980e124cc91c944f67c62f75cc0b89e2ee434e53a3cde6332e675222824ee71f9

Score

10^/10

formbook og2w rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

PROFORMA INVOICE.xlsx

Resource

win7-en-20211104

formbook og2w rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PROFORMA INVOICE.xlsx

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

myproperty99.com

mahardikasantoso.com

pathway-strategies.com

runbusinessonline.com

facenbook.xyz

texasschnauzer.com

whoyummy.top

hiscomsvc.com

644557.com

shouyeshow.com

emtek.site

inspireabossglobal.us

sellmyhouse365.net

ambergrids.xyz

shoptrendyshop.com

b7eb8.com

crystalsbyzoe.com

awfullive.site

rebelgreens.com

depressiqwidv.xyz

mvp69bet.com

selectedandprotected.com

china-jiahe.com

brandonknicely.com

redrodventuresllc.com

tomafer.net

makemeorgasm.net

wihomeoffers.com

bamko.link

secure-01.net

fridayhabit.com

mudeevehkuwpitcicet.site

inversioneskomp.com

oojry.xyz

jibony.com

cellphoneplansiusaweb.com

lianemuhill.com

caroeventos.com

thucphamsachkhaihuy.com

musicjem.com

hbbtv.xyz

meltemilebaskalasim.com

xn--38j0b6c.com

checkupfromtheneckup.net

Targets

- Target
  
  PROFORMA INVOICE.xlsx
- Size
  
  228KB
- MD5
  
  0193aca82acbba4004353cc61a526cfd
- SHA1
  
  27b9f7396ac1ac67e5215b6e046e070eceb13313
- SHA256
  
  46fc6bd623a690f8b431b110bf5a0a1e030897c6d0f8945a9fb31e407a542d1f
- SHA512
  
  f6459401a6a49080265e9277a6e7481df1cd2b2c67b3563ad83aaa9caf3b0b4980e124cc91c944f67c62f75cc0b89e2ee434e53a3cde6332e675222824ee71f9
Score

10^/10

formbook og2w rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy