formbook | b0317fe6426ee5247b933cb3b5cf2c0c59d58b3bdcd27c636bf03a75c2e2609c | Triage

Submit
Reports

Overview

overview

Static

static

BD10752Q00...K.xlsx

windows7_x64

BD10752Q00...K.xlsx

windows10_x64

1

Sharing

General

Target

BD10752Q0040731BDDHK.xlsx
Size

160KB
Sample

211206-gqb75sdddm
MD5

9f5094328e87a38e3839c741c85c3ac6
SHA1

50703316c674cc5df15742cebc39e3356328f676
SHA256

b0317fe6426ee5247b933cb3b5cf2c0c59d58b3bdcd27c636bf03a75c2e2609c
SHA512

e06bbe6119b574dc8a853f6e86bf93474f4462299e7968ebaad62b789cd13d65e374fdd588145999342474401842b86d9ed0ce727caa6ad17130029ad76be069

Score

10^/10

formbook og2w rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

BD10752Q0040731BDDHK.xlsx

Resource

win7-en-20211014

formbook og2w rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BD10752Q0040731BDDHK.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

myproperty99.com

mahardikasantoso.com

pathway-strategies.com

runbusinessonline.com

facenbook.xyz

texasschnauzer.com

whoyummy.top

hiscomsvc.com

644557.com

shouyeshow.com

emtek.site

inspireabossglobal.us

sellmyhouse365.net

ambergrids.xyz

shoptrendyshop.com

b7eb8.com

crystalsbyzoe.com

awfullive.site

rebelgreens.com

depressiqwidv.xyz

mvp69bet.com

selectedandprotected.com

china-jiahe.com

brandonknicely.com

redrodventuresllc.com

tomafer.net

makemeorgasm.net

wihomeoffers.com

bamko.link

secure-01.net

fridayhabit.com

mudeevehkuwpitcicet.site

inversioneskomp.com

oojry.xyz

jibony.com

cellphoneplansiusaweb.com

lianemuhill.com

caroeventos.com

thucphamsachkhaihuy.com

musicjem.com

hbbtv.xyz

meltemilebaskalasim.com

xn--38j0b6c.com

checkupfromtheneckup.net

Targets

- Target
  
  BD10752Q0040731BDDHK.xlsx
- Size
  
  160KB
- MD5
  
  9f5094328e87a38e3839c741c85c3ac6
- SHA1
  
  50703316c674cc5df15742cebc39e3356328f676
- SHA256
  
  b0317fe6426ee5247b933cb3b5cf2c0c59d58b3bdcd27c636bf03a75c2e2609c
- SHA512
  
  e06bbe6119b574dc8a853f6e86bf93474f4462299e7968ebaad62b789cd13d65e374fdd588145999342474401842b86d9ed0ce727caa6ad17130029ad76be069
Score

10^/10

formbook og2w rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy