formbook | 8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a | Triage

Submit
Reports

Overview

overview

Static

static

1

O--O.rtf

windows7-x64

O--O.rtf

windows10-2004-x64

1

Sharing

General

Target

O--O.DOC
Size

13KB
Sample

230220-phrxmaad6v
MD5

82d96b88479ceeb946d62e6573871988
SHA1

0ad70340a881c816006885caad3ac1a90a08fc37
SHA256

8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a
SHA512

b426862c17d53d1ba92a08cdd20562a55cb077d7a9082557cf7fcc16042f2d2304551be274ce1d0583a422f4fc6d3e15a24648e0d569659efba7ec4a361b7bcb
SSDEEP

384:jhto8hBmxr8xMFagkNQBDLRiNkgR+3YO7yK9l:jhtrBMImFBiNk6+3Y0XD

Score

10^/10

formbook ho62 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

O--O.rtf

Resource

win7-20220812-en

formbook ho62 rat spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

O--O.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com

kasoraenterprises.com

instasteamer.com

granolei.com

iamavisioniar.site

beachexplo.com

ynametro.com

littlegallery-rovinj.com

27og.com

horrorcity.online

zexo.africa

perdeumane.com

drugsaddiction.co.uk

tickleyourfancy.africa

jimyhq.top

rajputnetwork.co.uk

lacuspidehn.com

bestxdenotecyby.top

gg10siyahposet.xyz

biorigin.co.uk

jye-group.com

digito.exposed

eternalstw.com

schjetne.dev

climateviking.com

easysaldoya.xyz

1233332.xyz

centerverified.online

lezzetyemekfabrikasi.com

wzshayang.com

cloudadonis.com

zxpz6.com

alifecube.com

induscontrolpcb.site

golfingineurope.com

ducksathomephotos.com

aimeesbellaboutique.com

justrebottle.com

hachettejeunesse.pro

238142.com

casabiancapanama.com

dohenydesalination.com

1-kh.com

cdhptor.xyz

island6.work

ehirtt.com

Targets

- Target
  
  O--O.DOC
- Size
  
  13KB
- MD5
  
  82d96b88479ceeb946d62e6573871988
- SHA1
  
  0ad70340a881c816006885caad3ac1a90a08fc37
- SHA256
  
  8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a
- SHA512
  
  b426862c17d53d1ba92a08cdd20562a55cb077d7a9082557cf7fcc16042f2d2304551be274ce1d0583a422f4fc6d3e15a24648e0d569659efba7ec4a361b7bcb
- SSDEEP
  
  384:jhto8hBmxr8xMFagkNQBDLRiNkgR+3YO7yK9l:jhtrBMImFBiNk6+3Y0XD
Score

10^/10

formbook ho62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookho62ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy