formbook

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.23649.15924.rtf
Size

3KB
Sample

221209-qsynladc45
MD5

69a6f3e5b30ab64fd90eb46dfec8d714
SHA1

9843c366b075bc145a5164be19052f8b441ef6e8
SHA256

5bf7aa1de7a064a956a29b7927a17b58c20b7cba96d74bd976ff920c41a34224
SHA512

547a9d9d80dcc33e0b113028b9a6fc8447d2823dbef89e01412282ce1f02317cd65bf48c2cfc2abd5d9b73ac49d07a8cd2860626675f7857ac906bf1b12c5bcd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt63

Decoy

fortrantelecom.africa

ffafa.buzz

bullybrain.com

ekeisolutions.com

lamiamira.com

noahsark.xyz

beautyby-eve.com

cloudfatory.com

12443.football

hataykultur.online

donqu3.sexy

breakthroughaustralia.com

havengpe.com

cpxlocatup.info

corefourpartners.com

amonefintech.com

thithombo.africa

bassmaty.store

fdshdsr.top

lifesoapsimple.com

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.23649.15924.rtf
- Size
  
  3KB
- MD5
  
  69a6f3e5b30ab64fd90eb46dfec8d714
- SHA1
  
  9843c366b075bc145a5164be19052f8b441ef6e8
- SHA256
  
  5bf7aa1de7a064a956a29b7927a17b58c20b7cba96d74bd976ff920c41a34224
- SHA512
  
  547a9d9d80dcc33e0b113028b9a6fc8447d2823dbef89e01412282ce1f02317cd65bf48c2cfc2abd5d9b73ac49d07a8cd2860626675f7857ac906bf1b12c5bcd
Score

10^/10

formbook lt63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2