formbook | c796080f9c704855e94c27f3126628cc1434b252ae6a8168de81865d7e4eb20a | Triage

Submit
Reports

Overview

overview

Static

static

RFQ_OFFER_...14.rtf

windows7_x64

RFQ_OFFER_...14.rtf

windows10_x64

1

Sharing

General

Target

RFQ_OFFER_3098_5RFQ-5914.doc
Size

2.2MB
Sample

220131-hks45sghf2
MD5

150261328c9acaecc66968ae0efd37ee
SHA1

19eeff6bfc783323a85950682958f5e006c5b0e8
SHA256

c796080f9c704855e94c27f3126628cc1434b252ae6a8168de81865d7e4eb20a
SHA512

c3bb944949065d71fbdeb054c2d6ac59a52a4e023207087a2c2ae5d8b5b6ed292d01d2405120913e683e7a903fc259719d35c33001aa72e30df74b2d6a5197f0

Score

10^/10

formbook cc16 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ_OFFER_3098_5RFQ-5914.rtf

Resource

win7-en-20211208

formbook cc16 rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ_OFFER_3098_5RFQ-5914.rtf

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cc16

Decoy

dcownloadaudiobooks.com

agencyfreedom.net

code9help.com

nextstarwkrg.com

ashleyjana.net

livingarrangementmove.com

nuevorenaultaustral.com

cyptosphere.com

thelearningforestacademy.com

frestail.info

veohat.online

infoemailteamitnetalpha.com

rainforestsloth.com

auzunstore.com

comepritty.com

comchain.digital

spacemind.space

riacompliancebox.com

rocketaccoynt.com

feng01.xyz

gadgetbursts.com

lccontrolsystems.com

bestphotonow.com

safetyrunway.com

similarbringdoctor.top

vrdining.net

peoplehealty4.xyz

bedside.care

impfen-mit-herz.com

pacificwestaccess.com

douvip462.com

radiogenesisiguazu.com

musicnoreverywhere.xyz

newjerseyplumbingservices.com

homes4saleincampbellriver.com

lojas12.com

agras.expert

lubomirgroch.com

xu8arboo59y3.xyz

vuecreativeagency.com

alexandre-langlois.net

shelbytokenshop.com

apotek.site

zeynepserce.com

smallpocketsbigbrand.com

xhtd6085.com

dylansinteriorpaintingllc.com

lasertherapyhawaii.com

redoris.com

capereno.com

jiangxibzy.com

045119.com

rachaelphillipsdataexpert.com

themajestichouse.com

hagyreo.xyz

diesel-heart.com

samsaratee.com

chsnetworking.com

aiotoy.com

tf2bux.com

lapsoiot.xyz

257mg.xyz

securebre.cat

murdercloud.com

movies2watchcc.com

Targets

- Target
  
  RFQ_OFFER_3098_5RFQ-5914.doc
- Size
  
  2.2MB
- MD5
  
  150261328c9acaecc66968ae0efd37ee
- SHA1
  
  19eeff6bfc783323a85950682958f5e006c5b0e8
- SHA256
  
  c796080f9c704855e94c27f3126628cc1434b252ae6a8168de81865d7e4eb20a
- SHA512
  
  c3bb944949065d71fbdeb054c2d6ac59a52a4e023207087a2c2ae5d8b5b6ed292d01d2405120913e683e7a903fc259719d35c33001aa72e30df74b2d6a5197f0
Score

10^/10

formbook cc16 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookcc16ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy