formbook | 752d06bd8ff5e075fb69e52626f9983bcfeb51e5eed191ebbf7ca453bc524d1d | Triage

Submit
Reports

Overview

overview

Static

static

1

Items Required.pdf

windows7-x64

Items Required.pdf

windows10-2004-x64

1

Sharing

General

Target

Items Required.pdf
Size

3.1MB
Sample

230322-l2lceaab2y
MD5

7bce6abaafcc35245df3d74e76855558
SHA1

678f93c6d46c3194a4440e9e7856e21efd84c198
SHA256

752d06bd8ff5e075fb69e52626f9983bcfeb51e5eed191ebbf7ca453bc524d1d
SHA512

c6ebfa6f8a4e7aee8e74127bf714e7a6918d03daa52ea1abaa3e653baf91e6bf3ce42a7130460b98b0034c694e42705a6d4ccd3a269845640b7b5ccdfc513358
SSDEEP

98304:T4R97CScENc/i//clqkMRScE1416sXHWiLLVKG:/ScENc/i//clqkMRScE1413nnkG

Score

10^/10

formbook bk08 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Items Required.pdf

Resource

win7-20230220-en

formbook bk08 rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Items Required.pdf

Resource

win10v2004-20230220-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk08

Decoy

chloie.net

fastingersecure.monster

foundersterrace.online

ytorly.xyz

kiralayolla.com

corporacionalpi.com

planfortheworld.com

disciplinecoaching.co.uk

rubi33.com

digitlabmedia.com

ky20033.com

h4q7.com

91ye260.xyz

coconceptevents.com

ukusizas.africa

utainnovative.africa

ted-clean.co.uk

haus-huelsche.com

ca-refund.website

football.salon

cloudprovident.com

donesgaiwork.com

lilycandles.com

fiedjapan.com

bioticawater.co.uk

adaptiveinvestmentsllc.com

coreypowers.com

kci.biz

everlegacycoldstorage.online

blackmatchgaming.com

alnour-avocats.com

hotelvillaverdehn.com

furniture-47390.com

bnekesoi.link

hitidigital.net

c66u.xyz

inc64.com

autoe.live

ttl7645.com

ergoconstructionservices.ltd

mythologynme.com

6n899.com

haveskeimany.com

ghhhrhbdfghapi02.xyz

cookiesseedzbank.com

diyet.app

denizatiplushotel.com

indiahalalexpo.com

evklvq.com

distrolution.app

accel.top

laniemade.com

n13ax.com

19luxu.com

funfact-infoworld.com

acnereset.com

jamestownohiochamber.com

leadgeneration.works

1wijjx.top

appsinclouds.site

biz4search.online

houseofperson.com

karencaseyphoto.net

76845.site

7701666.vip

Targets

- Target
  
  Items Required.pdf
- Size
  
  3.1MB
- MD5
  
  7bce6abaafcc35245df3d74e76855558
- SHA1
  
  678f93c6d46c3194a4440e9e7856e21efd84c198
- SHA256
  
  752d06bd8ff5e075fb69e52626f9983bcfeb51e5eed191ebbf7ca453bc524d1d
- SHA512
  
  c6ebfa6f8a4e7aee8e74127bf714e7a6918d03daa52ea1abaa3e653baf91e6bf3ce42a7130460b98b0034c694e42705a6d4ccd3a269845640b7b5ccdfc513358
- SSDEEP
  
  98304:T4R97CScENc/i//clqkMRScE1416sXHWiLLVKG:/ScENc/i//clqkMRScE1413nnkG
Score

10^/10

formbook bk08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookbk08ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy