formbook | 0da037449078eb28dffcd95733769019ee21831ac82b12d845fb051be22b33ec | Triage

Submit
Reports

Overview

overview

Static

static

PO.rtf

windows7_x64

PO.rtf

windows10-2004_x64

8

Sharing

General

Target

PO.doc
Size

11KB
Sample

220131-n3fjnahfe5
MD5

e57459af29551726024c5248739a1971
SHA1

89494d2a840d5681b84a01767d42980eb3530003
SHA256

0da037449078eb28dffcd95733769019ee21831ac82b12d845fb051be22b33ec
SHA512

96712d136260118c87a906dc2066db875f18a5448f4fb0b9098ba5d46243410b41f041c745fbb1f086abb2ec38ec247ea63e8e466335d202237eeb5530f55854

Score

10^/10

formbook jy93 persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO.rtf

Resource

win7-en-20211208

formbook jy93 rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO.rtf

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy93

Decoy

alexito.space

shitsthebalm.com

margaritavillemelbourne.com

vonahk.xyz

1960lawn.com

augustacrim.com

bancopec.com

batrainingstudio.com

kokofleks.store

w4-form-irs.com

putnamob.com

mickeysmotors.com

8181yd.com

wedmecreation.com

mischianti.com

gskpop.com

douvip303.com

unlimitedlyfestylez.com

originophthalmics.com

oandazx86.xyz

aflambooks.com

woningkeuren.com

qiyepin.com

referto-online.com

philadelphiaguitarnews.com

wilhelmenaagency.com

visionbox.xyz

exmarry.com

obtainfollowers.com

conationcrossing.com

podiatrybroker.com

natistyle.com

livingessencewater.com

highperformancevehicles.com

undangannikahku.xyz

longlakehomesales.com

pridecocapital.com

prolificgraph.com

greatbayhme.com

bestplant.xyz

lesbianparadise.com

tabvern.com

electronix101.com

mhw44.xyz

xn--arbetslivsaktren-ywb.com

starpromocoes.com

123387lx.com

gunwicam.com

christophergallaghermusic.com

hirevirtualexperts.com

sanjivanimart.com

xn--unww24c.xn--czru2d

xolegal.com

rfzjsb.com

aquaflor.online

masterstouchautomotive.com

comptechs2000.com

vgerlay.com

minifootball-promogive.com

newtech25.com

kilthiredirect.com

allinfobd24.com

mengabarkan.online

derva.link

expressingunderst.store

Targets

- Target
  
  PO.doc
- Size
  
  11KB
- MD5
  
  e57459af29551726024c5248739a1971
- SHA1
  
  89494d2a840d5681b84a01767d42980eb3530003
- SHA256
  
  0da037449078eb28dffcd95733769019ee21831ac82b12d845fb051be22b33ec
- SHA512
  
  96712d136260118c87a906dc2066db875f18a5448f4fb0b9098ba5d46243410b41f041c745fbb1f086abb2ec38ec247ea63e8e466335d202237eeb5530f55854
Score

10^/10

formbook jy93 rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjy93ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy