Overview

overview

10

Static

static

Alligator ...te.rtf

windows7_x64

10

Alligator ...te.rtf

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Alligator Pty Ltd Quote.doc

  • Size

    11KB

  • Sample

    220131-eyn6kafee5

  • MD5

    37cc5bc4e5abd89e1692a665b89a5c81

  • SHA1

    6dd7bec2fdf972c4bbb011e091b5c5bfca3869fb

  • SHA256

    c00b4e748c0349fad00b1bfb999208b0e1d24a1d932a2d0e6929bff4e822e35c

  • SHA512

    ba50442d35d895aa9dd4ec585dd163bea446ec14807bb4ea389595350bd97eb5a553643ac6f501f91357b9d39877960fcf8e2839ae7d98769ddf24ef46bc46a1

Score
10/10
formbookcw22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cw22

Decoy

betvoy206.com

nftstoners.com

tirupatibuilder.com

gulldesigns.com

shemhq.com

boricosmetic.com

bitcoinbillionaireboy.com

theflypaperplanes.com

retrocartours.com

yangzhie326.com

cheepchain.com

sentryr.com

luckirentalhomes.com

pointssquashers.com

dianasarabiantreasures.com

calendarsilo.com

sublike21.xyz

gajubg0up.xyz

lousfoodreviews.com

fades.site

Targets

    • Target

      Alligator Pty Ltd Quote.doc

    • Size

      11KB

    • MD5

      37cc5bc4e5abd89e1692a665b89a5c81

    • SHA1

      6dd7bec2fdf972c4bbb011e091b5c5bfca3869fb

    • SHA256

      c00b4e748c0349fad00b1bfb999208b0e1d24a1d932a2d0e6929bff4e822e35c

    • SHA512

      ba50442d35d895aa9dd4ec585dd163bea446ec14807bb4ea389595350bd97eb5a553643ac6f501f91357b9d39877960fcf8e2839ae7d98769ddf24ef46bc46a1

    Score
    10/10
    formbookcw22ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks