formbook | 408c41f67cc40208f1518b050db8b6d0f315dae817e26c5ae43efe917506c226 | Triage

Submit
Reports

Overview

overview

Static

static

New order ...3.xlsx

windows7_x64

New order ...3.xlsx

windows10_x64

1

Sharing

General

Target

New order - C.S.I No. 04183.xlsx
Size

228KB
Sample

211125-vgv6jsbbh5
MD5

bc2d171f6ea23a58ce5cca820869295c
SHA1

dafd3a3276c12ee6d20206573d65d6fb10e6af7b
SHA256

408c41f67cc40208f1518b050db8b6d0f315dae817e26c5ae43efe917506c226
SHA512

f46d62b6cd47184db12bd302def63e945063e471bbab3f02483c9c66c83d751e65c97d3f4f4d1d5f4d08bad1e1fd3bb882f97a85f363945a1659913ce47077b3

Score

10^/10

formbook og2w rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New order - C.S.I No. 04183.xlsx

Resource

win7-en-20211014

formbook og2w rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New order - C.S.I No. 04183.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

myproperty99.com

mahardikasantoso.com

pathway-strategies.com

runbusinessonline.com

facenbook.xyz

texasschnauzer.com

whoyummy.top

hiscomsvc.com

644557.com

shouyeshow.com

emtek.site

inspireabossglobal.us

sellmyhouse365.net

ambergrids.xyz

shoptrendyshop.com

b7eb8.com

crystalsbyzoe.com

awfullive.site

rebelgreens.com

depressiqwidv.xyz

mvp69bet.com

selectedandprotected.com

china-jiahe.com

brandonknicely.com

redrodventuresllc.com

tomafer.net

makemeorgasm.net

wihomeoffers.com

bamko.link

secure-01.net

fridayhabit.com

mudeevehkuwpitcicet.site

inversioneskomp.com

oojry.xyz

jibony.com

cellphoneplansiusaweb.com

lianemuhill.com

caroeventos.com

thucphamsachkhaihuy.com

musicjem.com

hbbtv.xyz

meltemilebaskalasim.com

xn--38j0b6c.com

checkupfromtheneckup.net

Targets

- Target
  
  New order - C.S.I No. 04183.xlsx
- Size
  
  228KB
- MD5
  
  bc2d171f6ea23a58ce5cca820869295c
- SHA1
  
  dafd3a3276c12ee6d20206573d65d6fb10e6af7b
- SHA256
  
  408c41f67cc40208f1518b050db8b6d0f315dae817e26c5ae43efe917506c226
- SHA512
  
  f46d62b6cd47184db12bd302def63e945063e471bbab3f02483c9c66c83d751e65c97d3f4f4d1d5f4d08bad1e1fd3bb882f97a85f363945a1659913ce47077b3
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy