formbook | 314abde7cc0afb37d11c26c7f8b213b76e7d1f3e4d7e9c8bd8203b4e989118ca | Triage

Submit
Reports

Overview

overview

Static

static

Proforma I...67.rtf

windows7-x64

Proforma I...67.rtf

windows10-2004-x64

1

Sharing

General

Target

Proforma Invoice 106967.doc
Size

3KB
Sample

221214-kyp1rahe98
MD5

784f065d80ff1879a3d9511ca050cb87
SHA1

2d9cd45f4a949152c1d6602e2e25343ba1e94275
SHA256

314abde7cc0afb37d11c26c7f8b213b76e7d1f3e4d7e9c8bd8203b4e989118ca
SHA512

64b42de257c8bc263c0de0b948645c7b0b3e607a74c56122aef4ad930c8120ce541df50f04e0bda8c29553369c2a9bb6873d61e53613ebfc428cb09b90b6d0be

Score

10^/10

formbook sk19 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Proforma Invoice 106967.rtf

Resource

win7-20220812-en

formbook sk19 rat spyware stealer trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

Proforma Invoice 106967.rtf

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

atrikvde.xyz

ceopxb.com

autovincert.com

18traversplace.com

internetmedianews.com

entersight.net

guzmanshandymanservicesllc.com

gqqwdz.com

emeraldpathjewelery.com

flowmoneycode.online

gaziantepmedicalpointanket.com

111lll.xyz

irkwood138.site

abovegross.com

shopabeee.co.uk

greenvalleyfoodusa.com

dd-canada.com

libertysminings.com

baronsaccommodation.co.uk

kareto.buzz

freeexercisecoalition.com

73129.vip

avanteventexperiences.com

comercialdiabens.fun

nondescript.uk

facal.dev

detox-71934.com

kovar.club

jetsparking.com

infocuspublicidad.com

xxhcom.com

indianvoltage.com

becrownedllc.com

3744palosverdes.com

gospelnative.africa

linkmastermind.com

cotgfp.com

lousweigman.com

cantoaffine.online

debbiepatrickdesigns.com

766626.com

webcubemedia.africa

autonomaat.com

hannahmarsh.co.uk

justbeand.com

Targets

- Target
  
  Proforma Invoice 106967.doc
- Size
  
  3KB
- MD5
  
  784f065d80ff1879a3d9511ca050cb87
- SHA1
  
  2d9cd45f4a949152c1d6602e2e25343ba1e94275
- SHA256
  
  314abde7cc0afb37d11c26c7f8b213b76e7d1f3e4d7e9c8bd8203b4e989118ca
- SHA512
  
  64b42de257c8bc263c0de0b948645c7b0b3e607a74c56122aef4ad930c8120ce541df50f04e0bda8c29553369c2a9bb6873d61e53613ebfc428cb09b90b6d0be
Score

10^/10

formbook sk19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooksk19ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy