Overview

overview

10

Static

static

SOA.xlsx

windows7-x64

10

SOA.xlsx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOA.xlsx

  • Size

    1.7MB

  • Sample

    221122-h2tr1adf76

  • MD5

    6d0ffda3d403e12607337606c8247225

  • SHA1

    7443723afdd701a4b381ff07994728044c865b12

  • SHA256

    075f8ce203bde3729623ea42defc5f6308741f4865c3b4f50cc50d9b3b256bcf

  • SHA512

    97bebc571a38a6500351408deec7c72f3db28ca00fc73b15c7f96303e3e4430fd4cef9e624029a28f55e75d70c37da7d287f77f4c513224d5bb1827e25d56807

  • SSDEEP

    49152:6yr5O9tOjxHHDoS2rsVnmQsfr6ijGG0Weynbkpr:DY9tOjxHHDoS7Kr6tkH2r

Score
10/10
formbooksk19ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

    • Target

      SOA.xlsx

    • Size

      1.7MB

    • MD5

      6d0ffda3d403e12607337606c8247225

    • SHA1

      7443723afdd701a4b381ff07994728044c865b12

    • SHA256

      075f8ce203bde3729623ea42defc5f6308741f4865c3b4f50cc50d9b3b256bcf

    • SHA512

      97bebc571a38a6500351408deec7c72f3db28ca00fc73b15c7f96303e3e4430fd4cef9e624029a28f55e75d70c37da7d287f77f4c513224d5bb1827e25d56807

    • SSDEEP

      49152:6yr5O9tOjxHHDoS2rsVnmQsfr6ijGG0Weynbkpr:DY9tOjxHHDoS7Kr6tkH2r

    Score
    10/10
    formbooksk19ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks