formbook

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
Size

2KB
Sample

221123-ml5a1sed72
MD5

4b14561c9f2621d61539efcf95bc9005
SHA1

395f327ba50f436bf3b92d54252d2641743e23f6
SHA256

d7f8ae465ac4eaca7c6a61818c3350a613d1a8dadb3d26b5e58b4150be145fac
SHA512

784619dbc5b9fcefcecfc1e3f56341f3095c8cf9a23b1531853d5af354c94371bd7dc66f23f7cb30732c81f69a7de9a8ce6eb329bb918bdd0d9e79390b73deda

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt63

Decoy

fortrantelecom.africa

ffafa.buzz

bullybrain.com

ekeisolutions.com

lamiamira.com

noahsark.xyz

beautyby-eve.com

cloudfatory.com

12443.football

hataykultur.online

donqu3.sexy

breakthroughaustralia.com

havengpe.com

cpxlocatup.info

corefourpartners.com

amonefintech.com

thithombo.africa

bassmaty.store

fdshdsr.top

lifesoapsimple.com

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
- Size
  
  2KB
- MD5
  
  4b14561c9f2621d61539efcf95bc9005
- SHA1
  
  395f327ba50f436bf3b92d54252d2641743e23f6
- SHA256
  
  d7f8ae465ac4eaca7c6a61818c3350a613d1a8dadb3d26b5e58b4150be145fac
- SHA512
  
  784619dbc5b9fcefcecfc1e3f56341f3095c8cf9a23b1531853d5af354c94371bd7dc66f23f7cb30732c81f69a7de9a8ce6eb329bb918bdd0d9e79390b73deda
Score

10^/10

formbook lt63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2