formbook | 90e73df4afa607e8067725397493c2781c69b1c2afa6e155c262ee90cb6e3a79 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...30.rtf

windows7-x64

SecuriteIn...30.rtf

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
Size

4KB
Sample

221206-pyg3cscg7t
MD5

c746fc38543961ccceb2d8479563eb24
SHA1

bdcd20367cf10fba4e469fd7686f5954bf059bb0
SHA256

90e73df4afa607e8067725397493c2781c69b1c2afa6e155c262ee90cb6e3a79
SHA512

8ecc5025be36392d874e70e6fc1188584bfc5ed64aed628ddb9d5e384b15353f5bead449d9bbb29e7816b4f585a97462eea865c5d6b1e84dc99495ce5964260e
SSDEEP

96:FtnJKExwV6jHtAFNo02KG2VHWGRr2juUes5wO5IUfMAWf4FjJiJsh:Flb06jHmi02d2dZrSrlSO5IUfMAogjJB

Score

10^/10

formbook wh23 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf

Resource

win7-20221111-en

formbook wh23 rat spyware stealer trojan

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

ow9vyvfee.com

alvis.one

mutantgobz.claims

plynofon.com

southofkingst.store

nuvidamedspa.com

coffeeforyou56.com

opaletechevents.com

momobar.life

abcmousu.com

learnicd-11.com

tipokin.xyz

kahvezevki.com

suratdimond.com

oldartists.best

infoepic.info

mattresslabo.com

skarlmotors.com

cl9319x.xyz

med49app.net

vivarellistaging2.com

gwnv.link

ogurecsbatvoi-7.online

littlelionplaycafe.com

floridaindianrivergeoves.com

eyelashacademysurrey.com

elprobetre.store

sexfan.biz

westbay.casino

carmana.store

optitude.finance

neo-hub.us

meadowwoodanimalclinic.com

ok-experts.com

magnoliabymr.com

fenomini.com

miaowu.work

skipermind.com

winstim.com

14123ninemile.com

plegablescr.com

bloommagiccbdburaliste.com

focusing-garef.com

krumobilept.com

norbercik.online

qteko.com

growupmarketingservices.com

alem-holdings.com

entreinnovator3.com

mainlydivision.space

module.live

gtrewegehwewe5.asia

jd8wme.cyou

pingacx757.com

big-teamwork.com

lesyeuxdanslespoches.com

yutighjkdfgjkd.shop

yourstoolsample.com

musntgrumble.com

jurgenremmerie.com

ebade.xyz

johnollieconstruction.com

bioprofumeria.shop

sarithebrand.com

taiguszab.online

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
- Size
  
  4KB
- MD5
  
  c746fc38543961ccceb2d8479563eb24
- SHA1
  
  bdcd20367cf10fba4e469fd7686f5954bf059bb0
- SHA256
  
  90e73df4afa607e8067725397493c2781c69b1c2afa6e155c262ee90cb6e3a79
- SHA512
  
  8ecc5025be36392d874e70e6fc1188584bfc5ed64aed628ddb9d5e384b15353f5bead449d9bbb29e7816b4f585a97462eea865c5d6b1e84dc99495ce5964260e
- SSDEEP
  
  96:FtnJKExwV6jHtAFNo02KG2VHWGRr2juUes5wO5IUfMAWf4FjJiJsh:Flb06jHmi02d2dZrSrlSO5IUfMAogjJB
Score

10^/10

formbook wh23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookwh23ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy