formbook | 37ba8d755d649a76052bf8225be259ee47e5ab35eeabb07b6d1988c22f7187f8 | Triage

Submit
Reports

Overview

overview

Static

static

BD00752Q00...K.xlsx

windows7_x64

BD00752Q00...K.xlsx

windows10_x64

1

Sharing

General

Target

BD00752Q0048971BDDHK.xlsx
Size

229KB
Sample

211203-n9dzeagdgq
MD5

0a4933f2a8175aef114f1180ac2b97c2
SHA1

bcc928f2507bba21660fa2153aca0cc129682236
SHA256

37ba8d755d649a76052bf8225be259ee47e5ab35eeabb07b6d1988c22f7187f8
SHA512

46548a16f916292b958583162d83f274f05292d9e46d158dd98087cd1215bd6f965117c396232e75069bd651abf47d713a5d0649074502a70197d45bbc6fec1c

Score

10^/10

formbook og2w rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

BD00752Q0048971BDDHK.xlsx

Resource

win7-en-20211014

formbook og2w rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BD00752Q0048971BDDHK.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

myproperty99.com

mahardikasantoso.com

pathway-strategies.com

runbusinessonline.com

facenbook.xyz

texasschnauzer.com

whoyummy.top

hiscomsvc.com

644557.com

shouyeshow.com

emtek.site

inspireabossglobal.us

sellmyhouse365.net

ambergrids.xyz

shoptrendyshop.com

b7eb8.com

crystalsbyzoe.com

awfullive.site

rebelgreens.com

depressiqwidv.xyz

mvp69bet.com

selectedandprotected.com

china-jiahe.com

brandonknicely.com

redrodventuresllc.com

tomafer.net

makemeorgasm.net

wihomeoffers.com

bamko.link

secure-01.net

fridayhabit.com

mudeevehkuwpitcicet.site

inversioneskomp.com

oojry.xyz

jibony.com

cellphoneplansiusaweb.com

lianemuhill.com

caroeventos.com

thucphamsachkhaihuy.com

musicjem.com

hbbtv.xyz

meltemilebaskalasim.com

xn--38j0b6c.com

checkupfromtheneckup.net

Targets

- Target
  
  BD00752Q0048971BDDHK.xlsx
- Size
  
  229KB
- MD5
  
  0a4933f2a8175aef114f1180ac2b97c2
- SHA1
  
  bcc928f2507bba21660fa2153aca0cc129682236
- SHA256
  
  37ba8d755d649a76052bf8225be259ee47e5ab35eeabb07b6d1988c22f7187f8
- SHA512
  
  46548a16f916292b958583162d83f274f05292d9e46d158dd98087cd1215bd6f965117c396232e75069bd651abf47d713a5d0649074502a70197d45bbc6fec1c
Score

10^/10

formbook og2w rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy