formbook | 6b876eb9b7f8e0a5a2c136c0557e8f7180cf1c0213a8f816b7625a629bd6f613 | Triage

Submit
Reports

Overview

overview

Static

static

6b69aa9ccb...9.xlsx

windows7_x64

Sharing

General

Target

6b69aa9ccb11ee883edf10da3f6114cc37f37fc9.xlsx
Size

815KB
Sample

211206-nvpscsdhfp
MD5

d1e4e57c50f3f7917df39d4c241db7d6
SHA1

6b69aa9ccb11ee883edf10da3f6114cc37f37fc9
SHA256

6b876eb9b7f8e0a5a2c136c0557e8f7180cf1c0213a8f816b7625a629bd6f613
SHA512

9e4465e2f743f10a4aab4867fa45dc8dd073e087a222fa5a464966676dc6d4182d3dc29a9081b375a674b884aba19f76be2fa11091a9cca1a41840d2c3c05a7b

Score

10^/10

formbook jy0b rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

6b69aa9ccb11ee883edf10da3f6114cc37f37fc9.xlsx

Resource

win7-en-20211014

formbook jy0b rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

charlotte-s-creations.com

homenetmidrand.com

sytypij.xyz

tapehitsscriptsparty.com

adelenashville.com

greendylife.com

agbqs.com

lilcrox.xyz

thepersonalevolutionmaven.com

graciasmiangel.com

heidisgifts.com

flchimneyspecialists.com

yorkrehabclinic.com

cent-pour-centsons.com

marcoislandsupsurf.net

expressdiagnostics.info

surferjackproductions.com

duscopy.store

uekra.tech

campaigncupgunplant.xyz

cheetahadvance.com

blickosinski.icu

laketacostahoe.com

drippysupplyco.com

isomassagegun.com

clarition.com

andrew-pillar.com

truthbudgeting.com

cloudfixr.com

cfasministries.com

compliant-now-beta.com

kssc17.icu

plewabuilders.com

uslugi-email.site

167hours.com

sodo6697.com

voyagesify.com

ranodalei.com

culturao.com

littlepotato-id.com

integtiryhvacsanmateo.com

neatmounts.com

reddictnflstream.com

digistore-maya.com

Targets

- Target
  
  6b69aa9ccb11ee883edf10da3f6114cc37f37fc9.xlsx
- Size
  
  815KB
- MD5
  
  d1e4e57c50f3f7917df39d4c241db7d6
- SHA1
  
  6b69aa9ccb11ee883edf10da3f6114cc37f37fc9
- SHA256
  
  6b876eb9b7f8e0a5a2c136c0557e8f7180cf1c0213a8f816b7625a629bd6f613
- SHA512
  
  9e4465e2f743f10a4aab4867fa45dc8dd073e087a222fa5a464966676dc6d4182d3dc29a9081b375a674b884aba19f76be2fa11091a9cca1a41840d2c3c05a7b
Score

10^/10

formbook jy0b rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjy0bratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy