formbook

General

Target

9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
Size

947KB
Sample

230206-3q5qcagd83
MD5

06eff9fb8f6098158272b5a9ff87f0fd
SHA1

934dbfa6420ece2eedc1b197bb52d72a733c35f7
SHA256

9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956
SHA512

fc340415e01c1f7179c071c5eece2a39ce0aa3d0b16490d550ed26ac45187b2e56354bda2abad8ae8072cf77c7e134e647bf06b0ce3c40dea5193c1b6a014ec6
SSDEEP

24576:9jDnTuEKc8PJ5557OvpmXgBChtuZRb5imJ7EbuZAieK:tTOJ5557OAXECHuZRbYmJ7kQeK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr21

Decoy

detrop.ru

bolacash.club

thezoidtv.africa

bigartgallerystudio.com

doshkoljata.ru

gamesdaybuddiessingles.com

zonlin.net

thehilltoplodges.co.uk

fcvip.club

amandacurtinnutrition.com

londonairporttaxies.com

graniteteammates.com

devthanhvo.site

kl-thelabel.com

a1choice.net

amzprod.com

iwaint.com

device-children.com

canada-immigration-72440.com

irsdev.ru

Targets

- Target
  
  9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
- Size
  
  947KB
- MD5
  
  06eff9fb8f6098158272b5a9ff87f0fd
- SHA1
  
  934dbfa6420ece2eedc1b197bb52d72a733c35f7
- SHA256
  
  9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956
- SHA512
  
  fc340415e01c1f7179c071c5eece2a39ce0aa3d0b16490d550ed26ac45187b2e56354bda2abad8ae8072cf77c7e134e647bf06b0ce3c40dea5193c1b6a014ec6
- SSDEEP
  
  24576:9jDnTuEKc8PJ5557OvpmXgBChtuZRb5imJ7EbuZAieK:tTOJ5557OAXECHuZRbYmJ7kQeK
Score

10^/10

formbook vr21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2