formbook | 54addec2aa97b3938c4ff81ee36cb37d4d3597b3c7b81f3e8106ba35e1bcbd0b | Triage

Submit
Reports

Overview

overview

Static

static

Order details.xlsx

windows7_x64

Order details.xlsx

windows10-2004_x64

1

Sharing

General

Target

Order details.xlsx
Size

176KB
Sample

220706-qhxcsadbcj
MD5

36e3875fa058105bc9eedb62543d3816
SHA1

ee1efdb171829d12f3f2eb43a4e3321121b58397
SHA256

54addec2aa97b3938c4ff81ee36cb37d4d3597b3c7b81f3e8106ba35e1bcbd0b
SHA512

18678a33e3b3320f2e0b57484871a06cfc3a2ce2e6e4a9ab6c01c1c57664eb2e42c224cfc1f7ad78fde503699edf879156fecc1fdf63895e61e4387706ac0d53

Score

10^/10

formbook s3s3 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order details.xlsx

Resource

win7-20220414-en

formbook s3s3 rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order details.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3s3

Decoy

tvielotus.com

teesta.xyz

talentrecruitor.com

pamaungipb.com

xn--90ahkh6a6b8b.site

910carolina.com

toyotaecoyouth-dev.com

invetnables.com

gdexc.com

ssw168.com

householdmould.com

mqttradar.xyz

t333c.com

thepausestudio.com

evershedsutherlands.com

asbdataplus.com

preddylilthingz.com

jepwu.com

tvlido.com

artovus.com

trainingmagazineme.com

rettar.net

underneathstardoll.com

babipiko21.site

getvpsdime.com

accentsfurniture.com

cutdowns.tech

teklcin.online

sunshareesg.com

eventrewards.site

lacomunaperu.com

a-tavola.online

gshund.com

monsterflixer.com

896851.com

carpetlandcolortileflint.com

filmproduction.management

cherie-clinique.com

medjoker.com

grant-helpers.site

sussdmortgages.com

solaranlagen-forum.com

freecustomsites.com

h7578.com

ideadly.com

backend360.com

podgorskidesign.com

zilinsky.taxi

ourelevatetribe.com

thefitnesswardllc.com

eficazindustrial.com

thecovefishcamp.com

niuxy.com

myluxurypals.com

clinicadentalvelinta.com

dis99.com

crosswealth.xyz

itopjob.com

oandbcleaningservices.com

afri-solutions.com

paradiseoe.com

versionespublicas.com

b2lonline.com

usdcmeta.xyz

bense003.xyz

Targets

- Target
  
  Order details.xlsx
- Size
  
  176KB
- MD5
  
  36e3875fa058105bc9eedb62543d3816
- SHA1
  
  ee1efdb171829d12f3f2eb43a4e3321121b58397
- SHA256
  
  54addec2aa97b3938c4ff81ee36cb37d4d3597b3c7b81f3e8106ba35e1bcbd0b
- SHA512
  
  18678a33e3b3320f2e0b57484871a06cfc3a2ce2e6e4a9ab6c01c1c57664eb2e42c224cfc1f7ad78fde503699edf879156fecc1fdf63895e61e4387706ac0d53
Score

10^/10

formbook s3s3 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooks3s3ratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy