Overview

overview

10

Static

static

ลิส�...��.rtf

windows7-x64

10

ลิส�...��.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ลิสต์รายการและสเปคของที่ต้องการ.doc

  • Size

    31KB

  • Sample

    221208-m19jaahg42

  • MD5

    135ca6b75d76e54276865be252a7e8e7

  • SHA1

    9acc0db1a185ed9db3db00149d39aeb124119508

  • SHA256

    8ffb3b7f4303ac738f2fc186c3ee5f808fd4f27642af8402b0d7b60bae0ea364

  • SHA512

    6a0235536b1a5530d7f1cef4f4fced328b6d3c3ac60875d671d8c58c2ac84a76641e4d3e9ec586a8bd70de2d0defba01003b278bdf7fdc6330ef5b9d25121bee

  • SSDEEP

    768:WFx0XaIsnPRIa4fwJMdD0cfcFBmzRgHmQRZU:Wf0Xvx3EMFnyQDmU

Score
10/10
formbookvr84ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr84

Decoy

intouchenergy.co.uk

lalumalkaliram.com

hillgreenholidays.co.uk

fluentliteracy.com

buildingworkerpower.com

by23577.com

gate-ch375019.online

jayess-decor.com

larkslife.com

swsnacks.co.uk

bigturtletiny.com

egggge.xyz

olastore.africa

lightshowsnewengland.com

daily-lox.com

empireoba.com

91302events.com

lawrencecountyfirechiefs.com

abrahamslibrary.com

cleaner365.online

Targets

    • Target

      ลิสต์รายการและสเปคของที่ต้องการ.doc

    • Size

      31KB

    • MD5

      135ca6b75d76e54276865be252a7e8e7

    • SHA1

      9acc0db1a185ed9db3db00149d39aeb124119508

    • SHA256

      8ffb3b7f4303ac738f2fc186c3ee5f808fd4f27642af8402b0d7b60bae0ea364

    • SHA512

      6a0235536b1a5530d7f1cef4f4fced328b6d3c3ac60875d671d8c58c2ac84a76641e4d3e9ec586a8bd70de2d0defba01003b278bdf7fdc6330ef5b9d25121bee

    • SSDEEP

      768:WFx0XaIsnPRIa4fwJMdD0cfcFBmzRgHmQRZU:Wf0Xvx3EMFnyQDmU

    Score
    10/10
    formbookvr84ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks