Overview

overview

10

Static

static

RE,RE,PO.l...s.xlsx

windows7-x64

10

RE,RE,PO.l...s.xlsx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RE,RE,PO.listed items.xlsx

  • Size

    828KB

  • Sample

    220907-tv14aacef7

  • MD5

    61482968d92f5fced3211a1ba2393656

  • SHA1

    c1559ffd8dd2b43b544b98ee611fb7a4b1598b3a

  • SHA256

    98bb91d8c80f060020b8b49a0a13a1c2cd0f3f5faf1aaad75b0825511ab06fd5

  • SHA512

    49d19fcad16d6c90f33f838ddf768d68387b818f96f3594a7fbb7498a45a4fc06f300b4bc86490acde0b6823847feded4302a9ba0f5ab3667ec2a21f4a171e96

  • SSDEEP

    24576:cdDg0YXc5DWp2rDLI6liqTY9rOkGnulmYfD0n7:cdDg0acUp2jfpEO7QmKIn7

Score
10/10
formbookng04ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

    • Target

      RE,RE,PO.listed items.xlsx

    • Size

      828KB

    • MD5

      61482968d92f5fced3211a1ba2393656

    • SHA1

      c1559ffd8dd2b43b544b98ee611fb7a4b1598b3a

    • SHA256

      98bb91d8c80f060020b8b49a0a13a1c2cd0f3f5faf1aaad75b0825511ab06fd5

    • SHA512

      49d19fcad16d6c90f33f838ddf768d68387b818f96f3594a7fbb7498a45a4fc06f300b4bc86490acde0b6823847feded4302a9ba0f5ab3667ec2a21f4a171e96

    • SSDEEP

      24576:cdDg0YXc5DWp2rDLI6liqTY9rOkGnulmYfD0n7:cdDg0acUp2jfpEO7QmKIn7

    Score
    10/10
    formbookng04ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks