Overview

overview

10

Static

static

000003_20221206.rtf

windows7-x64

10

000003_20221206.rtf

windows10-2004-x64

1

Resubmissions

06-12-2022 13:34

221206-qt7mwscc89 10

06-12-2022 13:32

221206-qs85bsfb5t 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000003_20221206.doc

  • Size

    3KB

  • Sample

    221206-qt7mwscc89

  • MD5

    feb31139c26b083f45bac3fedd811e2d

  • SHA1

    8c2b7d9d9a953a9f944c141498724da53624a12c

  • SHA256

    6b0f67636b41da6d6f69d57dd2b421c140ee5090c168eb09b08357c00eb1963d

  • SHA512

    487bc1ff45089071a6cdfbe9c6637285d7549fc4c011e8ec8fc4827609c531219d3c53b5516e03a48d07b623e7f904fc3f43c48c59a941a31918c5229996eba7

Score
10/10
formbookh3haratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

    • Target

      000003_20221206.doc

    • Size

      3KB

    • MD5

      feb31139c26b083f45bac3fedd811e2d

    • SHA1

      8c2b7d9d9a953a9f944c141498724da53624a12c

    • SHA256

      6b0f67636b41da6d6f69d57dd2b421c140ee5090c168eb09b08357c00eb1963d

    • SHA512

      487bc1ff45089071a6cdfbe9c6637285d7549fc4c011e8ec8fc4827609c531219d3c53b5516e03a48d07b623e7f904fc3f43c48c59a941a31918c5229996eba7

    Score
    10/10
    formbookh3haratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks