formbook | 264f0534cab513547b16dd6089b22b8e87079d403159ba4550dc22c1c5ba4311 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...50.rtf

windows7-x64

SecuriteIn...50.rtf

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.DOC.Exploit.S.26451.27250.rtf
Size

1.8MB
Sample

221218-t2368aff9t
MD5

189183f0fcb3ddca384604d88a6f15ae
SHA1

19b710e99726b7d70b3ad407389d1efe0f6841f4
SHA256

264f0534cab513547b16dd6089b22b8e87079d403159ba4550dc22c1c5ba4311
SHA512

ae138592369fc7c565f5349b542213417c8c6143e5227dd91561a6372bc34b1de8cc62a4e4b6a388ac9e81c6a8ebbd3076bc73863a496a837d3706baa891558f
SSDEEP

1536:XsdRLURHtQQQQQQQQQK3QQuQZbJt9Xp9EiQZIgdRXqgZbJt9Xp9EiQQQ9QkQQQZC:XY3K

Score

10^/10

formbook kk2u rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.DOC.Exploit.S.26451.27250.rtf

Resource

win7-20221111-en

formbook kk2u rat spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.DOC.Exploit.S.26451.27250.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kk2u

Decoy

ea2production.com

attentionasset.guru

buildwithnikki.com

imtheonlyperson.team

virtualexpotech.com

calsury.com

kleanrituals.net

liburaja.com

liqzxixcya.net

wmtk8.com

jillianmacklin.com

coffeewithme.com

xn--l-1fa.online

worktoolsdepot.com

collectprocessstore.com

mu-thienmenh.com

brooklynrashael.com

chsepd.com

hudsonsealswim.com

basslakedisposal.com

cydzjx.com

4455hj.com

lace5.com

b3cornhole.com

hanchao.info

harlembombshell.world

anandniketanharidwar.com

shopcsnrv.com

smallapplianced.com

thecashbackphonepe.online

gtemconstruction1.com

topattorneypro.info

sunhingfoodstv.com

aristotleaffiliate.com

140b.xyz

magnetlinkpro.com

suggruposas.com

matthewhissong.com

rforus.com

dancingwithourheroes.com

warmintro.chat

malk.digital

lioninternational-edu.com

tjggmy.com

rastrogallery.com

fullpassion.net

275353074.com

algenmeister.com

hunthopeandlove.com

environmental-hygiene.net

justlk.com

lwhministries.com

shophuyenlinh.com

macombcountyattorneys.media

bizjpm.com

dljingkong.com

ripbn.com

sex1c.com

durantfoodplace.com

b2bsalesmath.com

orangedh.com

zqhtbj.com

gvdlixcq.com

cubingpop.com

cloudshopgr.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.DOC.Exploit.S.26451.27250.rtf
- Size
  
  1.8MB
- MD5
  
  189183f0fcb3ddca384604d88a6f15ae
- SHA1
  
  19b710e99726b7d70b3ad407389d1efe0f6841f4
- SHA256
  
  264f0534cab513547b16dd6089b22b8e87079d403159ba4550dc22c1c5ba4311
- SHA512
  
  ae138592369fc7c565f5349b542213417c8c6143e5227dd91561a6372bc34b1de8cc62a4e4b6a388ac9e81c6a8ebbd3076bc73863a496a837d3706baa891558f
- SSDEEP
  
  1536:XsdRLURHtQQQQQQQQQK3QQuQZbJt9Xp9EiQZIgdRXqgZbJt9Xp9EiQQQ9QkQQQZC:XY3K
Score

10^/10

formbook kk2u rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookkk2uratspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy