formbook

General

Target

8757t68657.doc
Size

1.2MB
Sample

230301-l18fjsff93
MD5

4235233ad7b597102f4487fc1a60a626
SHA1

bc5b2271e68226a88af51453b0d8457f14bb6ca9
SHA256

e0c35894a02a5ffeca20200d4cb17e9b354c953d5704794242117c4e6307ca08
SHA512

edd8efdb085e2adcd564f49b73873fa2c699545421dba1807a72842ccd8af5b2ac6e7221b2e5568fd472aa18b90ba71afb688dce94fe6a1d1dd46a4fd5f52632
SSDEEP

24576:vGJPA5UEY+zNc5mLmUXhXB8hfHK9AoaIS4LMSpMp76I3xNBsFIEdOlq8VawE4kSC:p

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Targets

- Target
  
  8757t68657.doc
- Size
  
  1.2MB
- MD5
  
  4235233ad7b597102f4487fc1a60a626
- SHA1
  
  bc5b2271e68226a88af51453b0d8457f14bb6ca9
- SHA256
  
  e0c35894a02a5ffeca20200d4cb17e9b354c953d5704794242117c4e6307ca08
- SHA512
  
  edd8efdb085e2adcd564f49b73873fa2c699545421dba1807a72842ccd8af5b2ac6e7221b2e5568fd472aa18b90ba71afb688dce94fe6a1d1dd46a4fd5f52632
- SSDEEP
  
  24576:vGJPA5UEY+zNc5mLmUXhXB8hfHK9AoaIS4LMSpMp76I3xNBsFIEdOlq8VawE4kSC:p
Score

10^/10

formbook b07o rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2