formbook | 60805ace9aa3457ba8fa8c0f815d470a30939370f8fd6d48a2013a49c1727d17 | Triage

Submit
Reports

Overview

overview

Static

static

AccountSta...1.xlsx

windows7_x64

AccountSta...1.xlsx

windows10_x64

1

Sharing

General

Target

AccountStatement_DEC_2021.xlsx
Size

228KB
Sample

211208-l991qshegm
MD5

efdd1d237fd3872bb7579b3baa5f52d3
SHA1

75ebd64ef3ee49cb5fca134c7c2b19b5ea9af4fc
SHA256

60805ace9aa3457ba8fa8c0f815d470a30939370f8fd6d48a2013a49c1727d17
SHA512

0f5d0d0ca52b9753bb18858cd32dfe83804796630d51052985249d8105e9fe1bb3ded3fb44d17686b82ff3a62a61fae6697bccd0c9ba195c694287ed4f217e54

Score

10^/10

formbook og2w rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

AccountStatement_DEC_2021.xlsx

Resource

win7-en-20211104

formbook og2w rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AccountStatement_DEC_2021.xlsx

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

myproperty99.com

mahardikasantoso.com

pathway-strategies.com

runbusinessonline.com

facenbook.xyz

texasschnauzer.com

whoyummy.top

hiscomsvc.com

644557.com

shouyeshow.com

emtek.site

inspireabossglobal.us

sellmyhouse365.net

ambergrids.xyz

shoptrendyshop.com

b7eb8.com

crystalsbyzoe.com

awfullive.site

rebelgreens.com

depressiqwidv.xyz

mvp69bet.com

selectedandprotected.com

china-jiahe.com

brandonknicely.com

redrodventuresllc.com

tomafer.net

makemeorgasm.net

wihomeoffers.com

bamko.link

secure-01.net

fridayhabit.com

mudeevehkuwpitcicet.site

inversioneskomp.com

oojry.xyz

jibony.com

cellphoneplansiusaweb.com

lianemuhill.com

caroeventos.com

thucphamsachkhaihuy.com

musicjem.com

hbbtv.xyz

meltemilebaskalasim.com

xn--38j0b6c.com

checkupfromtheneckup.net

Targets

- Target
  
  AccountStatement_DEC_2021.xlsx
- Size
  
  228KB
- MD5
  
  efdd1d237fd3872bb7579b3baa5f52d3
- SHA1
  
  75ebd64ef3ee49cb5fca134c7c2b19b5ea9af4fc
- SHA256
  
  60805ace9aa3457ba8fa8c0f815d470a30939370f8fd6d48a2013a49c1727d17
- SHA512
  
  0f5d0d0ca52b9753bb18858cd32dfe83804796630d51052985249d8105e9fe1bb3ded3fb44d17686b82ff3a62a61fae6697bccd0c9ba195c694287ed4f217e54
Score

10^/10

formbook og2w rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy