formbook | cc5b8184b5f785130a42a53b8600a5d12721f49ee6949d93e3a3722f98604135 | Triage

Submit
Reports

Overview

overview

Static

static

KOC BQ-202...8.xlsx

windows7-x64

KOC BQ-202...8.xlsx

windows10-2004-x64

1

Sharing

General

Target

KOC BQ-2022-PROC-SI-68.xlsx
Size

110KB
Sample

220725-k45ndsbgej
MD5

21889c7c54d86bd8b3e376a8f23e068c
SHA1

433870de72541bf95aa33bdd8d03f7039a30e853
SHA256

cc5b8184b5f785130a42a53b8600a5d12721f49ee6949d93e3a3722f98604135
SHA512

9fc8f6f489a9b13e2fef8a52927d582e5088313a2d1ea35097ab40fea68b949c337bb26f08fac97b981896e7e45c72dc4fbf06d9d9b046c754a5c9a5d2551df9

Score

10^/10

formbook s4s9 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

KOC BQ-2022-PROC-SI-68.xlsx

Resource

win7-20220718-en

formbook s4s9 rat spyware stealer suricata trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

KOC BQ-2022-PROC-SI-68.xlsx

Resource

win10v2004-20220721-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s4s9

Decoy

qianyuandianshang.com

bernardklein.com

slhomeservices.com

findasaas.com

janellelancaster.xyz

umkpro.site

nr6949.online

mersquare.club

lanariproperties.com

3rdeyefocused.com

giftexpress8260.xyz

hilleleven.xyz

beajod.com

kosazs.online

ishare.team

mb314.com

xjjinxingda.com

ayekooprojectamazing.com

ballsybanter.com

todayshoppingbd.com

recomdietvl.store

zakladmalarstwa.com

bj-ours.com

hubwealth.com

watchmyreview.com

sallyliddicoat.com

eventiliveitalia.com

worldchannelconference.com

suciptahadi.online

ksht5566.com

topfastcashsystemwebshop.com

eyeiieyetv.com

thewarchannel.net

valorousgamers.com

vip01ytre.xyz

szec.tech

233365.xyz

specialroute.net

eugenachase.com

pikoulas.com

shorter-658423.site

win8856.com

burleyqpersianscom.com

sidetrackedmusic.com

chungketvinhomesspotlight.com

qiange.site

motconsultant.com

yottatic.com

usaprostatecenter.com

putovanjazasve.com

kozykornerpizza.com

hainpore.com

52appmj.com

albanyskylights.com

keropy.xyz

infosecrety.xyz

ethlogo.com

labohack.com

veridiumid.xyz

gaylebong.com

rsmegastore.com

janschlesinger.com

cshong-ya.com

shopevix.com

preciousssllc.net

Targets

- Target
  
  KOC BQ-2022-PROC-SI-68.xlsx
- Size
  
  110KB
- MD5
  
  21889c7c54d86bd8b3e376a8f23e068c
- SHA1
  
  433870de72541bf95aa33bdd8d03f7039a30e853
- SHA256
  
  cc5b8184b5f785130a42a53b8600a5d12721f49ee6949d93e3a3722f98604135
- SHA512
  
  9fc8f6f489a9b13e2fef8a52927d582e5088313a2d1ea35097ab40fea68b949c337bb26f08fac97b981896e7e45c72dc4fbf06d9d9b046c754a5c9a5d2551df9
Score

10^/10

formbook s4s9 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooks4s9ratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy