formbook | d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b | Triage

Submit
Reports

Overview

overview

Static

static

1

O_O.rtf

windows7-x64

O_O.rtf

windows10-2004-x64

1

Sharing

General

Target

O_O.DOC
Size

13KB
Sample

230216-1w9kdabh6v
MD5

aedb3953dd70f03351f2cf98ed82e141
SHA1

6610f485d292277a4afc3b91cf09a66b51c68fc4
SHA256

d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b
SHA512

6ad736036664831e313012129123964ebafd192a595282cc3f1b8b47b379d8f12736e0001f1c4f4c16e2a53afa5fe70eca555dc037f8160702c3a093e0c88a49
SSDEEP

192:7PsNGkkB2827ZFZuEHeNs3St0zD+yMUztAVVYXOsxITpg/YqAOiTfQ/j/P:7POCk7DeNs3St25hYgOlq5awjX

Score

10^/10

formbook ho62 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

O_O.rtf

Resource

win7-20221111-en

formbook ho62 rat spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

O_O.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com

kasoraenterprises.com

instasteamer.com

granolei.com

iamavisioniar.site

beachexplo.com

ynametro.com

littlegallery-rovinj.com

27og.com

horrorcity.online

zexo.africa

perdeumane.com

drugsaddiction.co.uk

tickleyourfancy.africa

jimyhq.top

rajputnetwork.co.uk

lacuspidehn.com

bestxdenotecyby.top

gg10siyahposet.xyz

biorigin.co.uk

jye-group.com

digito.exposed

eternalstw.com

schjetne.dev

climateviking.com

easysaldoya.xyz

1233332.xyz

centerverified.online

lezzetyemekfabrikasi.com

wzshayang.com

cloudadonis.com

zxpz6.com

alifecube.com

induscontrolpcb.site

golfingineurope.com

ducksathomephotos.com

aimeesbellaboutique.com

justrebottle.com

hachettejeunesse.pro

238142.com

casabiancapanama.com

dohenydesalination.com

1-kh.com

cdhptor.xyz

island6.work

ehirtt.com

Targets

- Target
  
  O_O.DOC
- Size
  
  13KB
- MD5
  
  aedb3953dd70f03351f2cf98ed82e141
- SHA1
  
  6610f485d292277a4afc3b91cf09a66b51c68fc4
- SHA256
  
  d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b
- SHA512
  
  6ad736036664831e313012129123964ebafd192a595282cc3f1b8b47b379d8f12736e0001f1c4f4c16e2a53afa5fe70eca555dc037f8160702c3a093e0c88a49
- SSDEEP
  
  192:7PsNGkkB2827ZFZuEHeNs3St0zD+yMUztAVVYXOsxITpg/YqAOiTfQ/j/P:7POCk7DeNs3St25hYgOlq5awjX
Score

10^/10

formbook ho62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookho62ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy