formbook | 718dcc870c0de487595feed4e5e43dc70fba6fa2aaac15462c0ba5c20028e7bd | Triage

Submit
Reports

Overview

overview

Static

static

5aad2b6635...64.rtf

windows7_x64

5aad2b6635...64.rtf

windows10_x64

1

Sharing

General

Target

5aad2b6635b3069402aaf6ff389bea64
Size

21KB
Sample

211125-tvsrxafgbr
MD5

5aad2b6635b3069402aaf6ff389bea64
SHA1

a8617ddffd6c934fcf3f64c6e84b1a23ffa9d092
SHA256

718dcc870c0de487595feed4e5e43dc70fba6fa2aaac15462c0ba5c20028e7bd
SHA512

2bcdcc3775f8d2a163b8b564232a5839fe625b8ab7f8b6de613b57abf436e6acb095d5bc2a081e966aa4422a9edb9a81df031d4da40add21cef4404aa45a5d3d

Score

10^/10

formbook 9gr5 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5aad2b6635b3069402aaf6ff389bea64.rtf

Resource

win7-en-20211104

formbook 9gr5 rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5aad2b6635b3069402aaf6ff389bea64.rtf

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site

131122.xyz

meta-medial.com

carvanaworkers.com

mimamincloor.com

aglutinarteshop.com

portal-arch.com

mandeide.com

golfteesy.com

carteretcancer.center

cuansamping.com

jhhnet.com

oetthalr.xyz

toesonly.com

ctbizmag.com

searchonzippy.com

plantedapts.com

matoneg.online

takened.xyz

meta4.life

africanizedfund.com

jukeboxjason.com

folez.online

troddu.com

802135.com

guiamat.net

gladiasol.com

meditationandyogacentre.com

metaverserealestateagent.com

boogyverse.net

melissa-mochafest.com

cozsweeps.com

pickles-child.com

metaversemediaschool.com

ahfyfz.com

ses-coating.com

pozada.biz

loldollmagic.com

mountfrenchlodge.net

25680125.xyz

inusuklearning.com

dnteagcud.xyz

yupan.site

acloud123.xyz

asadosdonchorizo.com

Targets

- Target
  
  5aad2b6635b3069402aaf6ff389bea64
- Size
  
  21KB
- MD5
  
  5aad2b6635b3069402aaf6ff389bea64
- SHA1
  
  a8617ddffd6c934fcf3f64c6e84b1a23ffa9d092
- SHA256
  
  718dcc870c0de487595feed4e5e43dc70fba6fa2aaac15462c0ba5c20028e7bd
- SHA512
  
  2bcdcc3775f8d2a163b8b564232a5839fe625b8ab7f8b6de613b57abf436e6acb095d5bc2a081e966aa4422a9edb9a81df031d4da40add21cef4404aa45a5d3d
Score

10^/10

formbook 9gr5 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbook9gr5ratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy