formbook | d7993d70d7f8a1d66a2a20842331dbe29e0ad8af5fad8a086892fe89878fdfa5 | Triage

Submit
Reports

Overview

overview

Static

static

Order 669 ...NC.rtf

windows7_x64

Order 669 ...NC.rtf

windows10_x64

1

Sharing

General

Target

Order 669 SOS DEI F.LLI CIRELLI SNC.doc
Size

2.2MB
Sample

220131-lbdjwahed7
MD5

6ec0bc735c8265f7708b78c13255d816
SHA1

e5b9838854f6dbf46a779097084520685941a942
SHA256

d7993d70d7f8a1d66a2a20842331dbe29e0ad8af5fad8a086892fe89878fdfa5
SHA512

e25e7117f0d23f569548d9b2495f2b15791a6e7571b772855fe09e389c2e501359035b5a19053953ccf184c62bb9d031b0ce0d82ac941b6b0d07bdd124cd9ed7

Score

10^/10

formbook g18s rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order 669 SOS DEI F.LLI CIRELLI SNC.rtf

Resource

win7-en-20211208

formbook g18s rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order 669 SOS DEI F.LLI CIRELLI SNC.rtf

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g18s

Decoy

compositetwin.com

bevoegd.com

cheesefestbd.com

gunddaisue.xyz

feiprotocolrewards.com

investmentpassion-2.biz

burnoutttt.com

violetberomunster.online

amrxbar.com

winnersrecycling.com

jlhxfdc.com

cubeobscura.com

iumgbl.com

gaptoy.link

imibimba.com

jklhs7gl.xyz

kaileaoutdoors.com

apartment35205.com

zeitung474.rest

andsourcing.com

alexishealthcareinc.com

jetprocessors.com

nomoredarkspo.com

gelectronics24.com

adrianmartinezhuskers.com

valbrid.net

kipzip.site

semsoci.com

appsdexin.com

bart1.space

xk7ayot97f3l.xyz

nerryukiolaser.xyz

holidayphnegve2.com

daizo-kikai.com

yqcr.online

personal-injury-lawyer.biz

dawngoneit.com

countdowntotheclarks.com

recordedcolor.com

datecproducts.com

schwellbrunn24.net

adreal360.com

mconecta.com

tipofmytonguefilm.com

mypremiumessaywriters.com

newcreationsrm.com

careerfaitplus.com

wondaxr.com

vandadweb.com

wghapt059.xyz

parcel-web-tracker.com

daocommunitydevelopment.com

dd3399.com

xk7aqq257dn6.xyz

myeaser.com

ghosttacklecompany.fish

etherealyou.net

nanocadisophinic.xyz

rostovkamera.com

badmetropriceknow.com

rtithreads360.com

noblegearreviews.com

failbannerembeach.com

zhoupy.xyz

wk7aslhqomk8.xyz

Targets

- Target
  
  Order 669 SOS DEI F.LLI CIRELLI SNC.doc
- Size
  
  2.2MB
- MD5
  
  6ec0bc735c8265f7708b78c13255d816
- SHA1
  
  e5b9838854f6dbf46a779097084520685941a942
- SHA256
  
  d7993d70d7f8a1d66a2a20842331dbe29e0ad8af5fad8a086892fe89878fdfa5
- SHA512
  
  e25e7117f0d23f569548d9b2495f2b15791a6e7571b772855fe09e389c2e501359035b5a19053953ccf184c62bb9d031b0ce0d82ac941b6b0d07bdd124cd9ed7
Score

10^/10

formbook g18s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg18sratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy