formbook

General

Target

new PO.doc
Size

11KB
Sample

220127-wlb4xahda2
MD5

7a61e1f2990ed01daba36a19255a7967
SHA1

f35678a6116f884a65f8ff77e4c0e4efdd65f792
SHA256

916b82ec72b04beca20629129e3401d2f06a76026d12cd3c41fc28b927fbdf83
SHA512

e0ab039f84b7ace5c8a9a9d3ede87a65a19ae7d624529af27f2ea94c3e21a7b658efee226f995ac81863135d3b6542f272aa9e5e89c4042ca1d0e4d569222639

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a83r

Decoy

comercializadoralonso.com

durhamschoolservces.com

onegreencapital.com

smartcities24.com

maquinas.store

brianlovesbonsai.com

xin41518s.com

moneyearnus.xyz

be-mix.com

fengyat.club

inspectdecided.xyz

paksafpakistan.com

orhidlnt.top

princesuraj.com

vietnamvodka.com

renewnow.site

imageservices.xyz

luxurytravelfranchise.com

kp112.red

royalyorkfirewood.com

Targets

- Target
  
  new PO.doc
- Size
  
  11KB
- MD5
  
  7a61e1f2990ed01daba36a19255a7967
- SHA1
  
  f35678a6116f884a65f8ff77e4c0e4efdd65f792
- SHA256
  
  916b82ec72b04beca20629129e3401d2f06a76026d12cd3c41fc28b927fbdf83
- SHA512
  
  e0ab039f84b7ace5c8a9a9d3ede87a65a19ae7d624529af27f2ea94c3e21a7b658efee226f995ac81863135d3b6542f272aa9e5e89c4042ca1d0e4d569222639
Score

10^/10

formbook a83r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2