General

  • Target

    Payment advice.xlsx

  • Size

    317KB

  • Sample

    211216-jx94vsbdg5

  • MD5

    64a7ebd803d51adfbdf6ac59f80c480d

  • SHA1

    5cc23d9eb83bcfc85478869c2582a49704e31025

  • SHA256

    065082cb9c1f153dd36a418b551c33187148b5f56e28dc14f9208e81c40739c4

  • SHA512

    d67f81c93c77489bd04edd781e1625abd8991b1cac9962e592a6c077febb270a85db64f2eaafa9d51f00b1f02391ae4c883bbb35e564d47a44b4f1cc132eb8d0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting: T1064 (1)

    Exploitation for Client Execution: T1203 (1)

  • Defense Evasion

    Scripting: T1064 (1)

    Modify Registry: T1112 (1)

  • Discovery

    System Information Discovery: T1082 (3)

    Query Registry: T1012 (2)