formbook | 153faf944590ffc174faee0c67b6f4a47f186d016881ce3441542f7a36ab8b82 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ_2082983.rtf

windows7_x64

RFQ_2082983.rtf

windows10_x64

1

Sharing

General

Target

RFQ_2082983.doc
Size

2.2MB
Sample

220131-h8y1ashcg9
MD5

5626f64c57491d2f2d614c47da4b9063
SHA1

1a248103d388028fce134bb9cf3f8051b56f6b50
SHA256

153faf944590ffc174faee0c67b6f4a47f186d016881ce3441542f7a36ab8b82
SHA512

653c0c288940672b983504b7f522feae7af471325d0a398d7444d4ce1c66343d113e8a1e9bf51246e3a4e69a166707c7aa8bd2fb7e16e8274c782fe0be23987c

Score

10^/10

formbook dt23 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ_2082983.rtf

Resource

win7-en-20211208

formbook dt23 rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ_2082983.rtf

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dt23

Decoy

acresyetthrow.xyz

botoxforchronicmigraine.com

bulletproofrzr.com

curiaegroup.com

7seasvisas.com

dofastig.com

xu6gfskoedlj.xyz

indoorindia.com

cinejunky.xyz

projectsunshine.info

wefmans.com

gv3f9asm.xyz

couriergbblogistics.com

tcd-ussf.com

ssmgk.com

beeyou-photography.com

agulhanopalheirobrecho.xyz

damlacreative.xyz

businessinvestmentcanada.today

makingwavesbyterra.com

foresightfundingconsultants.com

fortbendisdstudenthomepage.com

suip.online

higherlevelcontent.com

dingzhiwuhu.com

sans-sanity.com

nashvillesportsauthority.com

clarvazatoareaana.com

xn--malagueamg-z9a.com

datapendukung.com

europetopjob.com

hostingboliviano.com

butdex.online

azbrotherskoreadates.com

siguemipaso.com

rcthanenorth.com

peramidtown.com

hcmslyj.com

bikepackig.com

myparty-store.com

buildngs.com

comptesbancaireswebfr.com

aankoopbegeleider.com

wolfcapitalinvestment.com

mydreamstates.com

makelittlerockgreatagain.com

agripsychbeam.com

thoughtsofaith.com

modepride.one

odocos.com

taylormadewoodwork.com

chevlot.com

footiclub.com

allai-stekt.com

completeinstructoracademy.com

kailo-listjournal.com

oregonspecialistgroup.com

poscyprus.com

awfencestaining-tx.com

qs009.com

tuyauhorizontalcoud.com

atonmnicxwallet.com

godrejriviera-ambivali.info

1michiganlightning.com

shshkj.com

Targets

- Target
  
  RFQ_2082983.doc
- Size
  
  2.2MB
- MD5
  
  5626f64c57491d2f2d614c47da4b9063
- SHA1
  
  1a248103d388028fce134bb9cf3f8051b56f6b50
- SHA256
  
  153faf944590ffc174faee0c67b6f4a47f186d016881ce3441542f7a36ab8b82
- SHA512
  
  653c0c288940672b983504b7f522feae7af471325d0a398d7444d4ce1c66343d113e8a1e9bf51246e3a4e69a166707c7aa8bd2fb7e16e8274c782fe0be23987c
Score

10^/10

formbook dt23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookdt23ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy