formbook | d8a5da9f780854652a37a5a4fdd812a99af1b26236adf4deac2ca38415224a8d | Triage

Submit
Reports

Overview

overview

Static

static

RFQ-SANOS-...01.rtf

windows7-x64

RFQ-SANOS-...01.rtf

windows10-2004-x64

1

Sharing

General

Target

RFQ-SANOS-TENDER DOCUMENT_specifications001.doc
Size

9KB
Sample

221209-mh8h9sch92
MD5

8f7574acf0737fc12d5019b19df45ff5
SHA1

12be20df9be6591cd53003cc4c9e7388a672e41c
SHA256

d8a5da9f780854652a37a5a4fdd812a99af1b26236adf4deac2ca38415224a8d
SHA512

fe935974b8de54c093a7c355db5558f10ce3d7b156bd8b835ded53dee1afe650566ac88be6ea0c9d933f1d8db287787f08e71db93b3ee56d7afb24ea38511859
SSDEEP

192:Xnu6W2UOd8LhywLTPG6Pw24rCKdDrAKVw3AsQ6aR3ijPWFqMw5OCjMaM:3f/UOd8Fyw3+kwr+KdrAUwwsQRR3ijp8

Score

10^/10

formbook wh23 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ-SANOS-TENDER DOCUMENT_specifications001.rtf

Resource

win7-20220812-en

formbook wh23 rat spyware stealer trojan

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ-SANOS-TENDER DOCUMENT_specifications001.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

ow9vyvfee.com

alvis.one

mutantgobz.claims

plynofon.com

southofkingst.store

nuvidamedspa.com

coffeeforyou56.com

opaletechevents.com

momobar.life

abcmousu.com

learnicd-11.com

tipokin.xyz

kahvezevki.com

suratdimond.com

oldartists.best

infoepic.info

mattresslabo.com

skarlmotors.com

cl9319x.xyz

med49app.net

vivarellistaging2.com

gwnv.link

ogurecsbatvoi-7.online

littlelionplaycafe.com

floridaindianrivergeoves.com

eyelashacademysurrey.com

elprobetre.store

sexfan.biz

westbay.casino

carmana.store

optitude.finance

neo-hub.us

meadowwoodanimalclinic.com

ok-experts.com

magnoliabymr.com

fenomini.com

miaowu.work

skipermind.com

winstim.com

14123ninemile.com

plegablescr.com

bloommagiccbdburaliste.com

focusing-garef.com

krumobilept.com

norbercik.online

qteko.com

growupmarketingservices.com

alem-holdings.com

entreinnovator3.com

mainlydivision.space

module.live

gtrewegehwewe5.asia

jd8wme.cyou

pingacx757.com

big-teamwork.com

lesyeuxdanslespoches.com

yutighjkdfgjkd.shop

yourstoolsample.com

musntgrumble.com

jurgenremmerie.com

ebade.xyz

johnollieconstruction.com

bioprofumeria.shop

sarithebrand.com

taiguszab.online

Targets

- Target
  
  RFQ-SANOS-TENDER DOCUMENT_specifications001.doc
- Size
  
  9KB
- MD5
  
  8f7574acf0737fc12d5019b19df45ff5
- SHA1
  
  12be20df9be6591cd53003cc4c9e7388a672e41c
- SHA256
  
  d8a5da9f780854652a37a5a4fdd812a99af1b26236adf4deac2ca38415224a8d
- SHA512
  
  fe935974b8de54c093a7c355db5558f10ce3d7b156bd8b835ded53dee1afe650566ac88be6ea0c9d933f1d8db287787f08e71db93b3ee56d7afb24ea38511859
- SSDEEP
  
  192:Xnu6W2UOd8LhywLTPG6Pw24rCKdDrAKVw3AsQ6aR3ijPWFqMw5OCjMaM:3f/UOd8Fyw3+kwr+KdrAUwwsQRR3ijp8
Score

10^/10

formbook wh23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookwh23ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy