formbook

General

Target

SecuriteInfo.com.RTF.CVE_2017_11882.BOR.Exploit.2456.27294.rtf
Size

2KB
Sample

221213-rt6ahaeg94
MD5

6186f6816589ce48b4a4a3fb2f53da9f
SHA1

cb5a88172a54e6e7115b23cc4b0fe86236a6592c
SHA256

739edc2bea872b78f6deb65fa81171afebbb2c99abb0697db67b7ed2a34167fd
SHA512

c22ac8eb7fc727ead9af3bf81ceb931118b3176c66811a4d3c30027537d563de379a5bf71eab85c72cced589a7e9e4afe05fd6a1d9eaf2e7818b0173b9ba9735

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

- Target
  
  SecuriteInfo.com.RTF.CVE_2017_11882.BOR.Exploit.2456.27294.rtf
- Size
  
  2KB
- MD5
  
  6186f6816589ce48b4a4a3fb2f53da9f
- SHA1
  
  cb5a88172a54e6e7115b23cc4b0fe86236a6592c
- SHA256
  
  739edc2bea872b78f6deb65fa81171afebbb2c99abb0697db67b7ed2a34167fd
- SHA512
  
  c22ac8eb7fc727ead9af3bf81ceb931118b3176c66811a4d3c30027537d563de379a5bf71eab85c72cced589a7e9e4afe05fd6a1d9eaf2e7818b0173b9ba9735
Score

10^/10

formbook h3ha rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2