formbook | 5a6fcfcd7ef3d202d078f89b474640057b1c18ea5a600869bb512aa91dcea79d | Triage

Sharing

General

Target

SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
Size

14KB
Sample

220923-en37qshacp
MD5

0a15ee96cad434726960422d629063c5
SHA1

b46ca3d9e2daf5b200453b991ea9cc294aa06e35
SHA256

5a6fcfcd7ef3d202d078f89b474640057b1c18ea5a600869bb512aa91dcea79d
SHA512

045b7ca80d6f5d94ee60b908f53180f141825af0782ba447ec1094092f08a0a557863a573c902699652a1c9d1d6693e611e9ab19907001dd8c85b59161699bcc
SSDEEP

192:aGUiYNyinwxoeFeInaJSZ0kxP+zfmCvTtzrj5FYgETJCmIJmLF1cf6oMmhEqm:lUpsbpnaAZ0kV0rx3bkemhu6oLEqm

Score

10^/10

formbook sde7 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sde7

Decoy

lolfilmfestival.com

pousdaobosque.com

tangierfilm.com

valuedassist.com

qcrluxuryrentals.com

poc4cloudx.com

irizh.art

flowsever.com

serios-lifestyle.com

abc-diomain.com

bmwoemwarehouse.com

vivelamoda.com

thesycorax.online

goodjob129.com

hudyeanamaze.com

pabcp.com

millennialworkouts.com

gpcr-compound-library.com

rotyupin.xyz

hnkcsm.com

Targets

- Target
  
  SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
- Size
  
  14KB
- MD5
  
  0a15ee96cad434726960422d629063c5
- SHA1
  
  b46ca3d9e2daf5b200453b991ea9cc294aa06e35
- SHA256
  
  5a6fcfcd7ef3d202d078f89b474640057b1c18ea5a600869bb512aa91dcea79d
- SHA512
  
  045b7ca80d6f5d94ee60b908f53180f141825af0782ba447ec1094092f08a0a557863a573c902699652a1c9d1d6693e611e9ab19907001dd8c85b59161699bcc
- SSDEEP
  
  192:aGUiYNyinwxoeFeInaJSZ0kxP+zfmCvTtzrj5FYgETJCmIJmLF1cf6oMmhEqm:lUpsbpnaAZ0kV0rx3bkemhu6oLEqm
Score

10^/10

formbook sde7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooksde7ratspywarestealertrojan

behavioral2