formbook

General

Target

20589634.doc
Size

17KB
Sample

220126-rlq6lseba7
MD5

9f262c6d365ac4bc1b8785009bbe1368
SHA1

81a240b1cc12340d0d003af33bf6e4a1c93154fe
SHA256

6ee894977bb2a47f9fff347a6e29942065c1058a3a0dfd924884af1c3320d569
SHA512

4735c1a56b3ec7fb8383e67cb6f430d7d5c2575967bd8965febccd1577cbeb79bec6adfec501b25d57f578bfab013a853ddd67f65555c045ba723650a73af179

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qugo

Decoy

sathapornstainlesssteel.com

everythingisaninvestment.com

appsbyraf.com

superhornygirl.club

christmastreeclass.com

cheatdayztogo.com

aadent7.com

divinitypath.com

figuli563.com

distanzalojistik.com

pricelesslookyto-looktoday.info

pcaaems.com

itsnewmovie.com

4kx.claims

rental-aruyo.com

psiek.com

justnobleempress.com

40daysfor40nights.com

91266w.com

csi-texas.biz

Targets

- Target
  
  20589634.doc
- Size
  
  17KB
- MD5
  
  9f262c6d365ac4bc1b8785009bbe1368
- SHA1
  
  81a240b1cc12340d0d003af33bf6e4a1c93154fe
- SHA256
  
  6ee894977bb2a47f9fff347a6e29942065c1058a3a0dfd924884af1c3320d569
- SHA512
  
  4735c1a56b3ec7fb8383e67cb6f430d7d5c2575967bd8965febccd1577cbeb79bec6adfec501b25d57f578bfab013a853ddd67f65555c045ba723650a73af179
Score

10^/10

formbook qugo rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2