formbook | 5a5817fe411771135283c96d05ac670e36251ba2ed0d6e900d2e0e6952591573 | Triage

Submit
Reports

Overview

overview

Static

static

1

DETAILS OF...00.xls

windows7-x64

DETAILS OF...00.xls

windows10-2004-x64

1

Sharing

General

Target

DETAILS OF BANK TRANSFER USD48908,00.xls
Size

1.3MB
Sample

230328-g15bnshc85
MD5

d085e17676c94c8823ae62adb80b30a0
SHA1

a5525bd1ec686d2d6cd3776236e831473d1a310f
SHA256

5a5817fe411771135283c96d05ac670e36251ba2ed0d6e900d2e0e6952591573
SHA512

4b2b304130105138cfec8d53f6535a4ef7257b215d031b5e34c10fe02a518e5d1f0ed323a5758acd6f837c27328e93977937b3ebc19ba284dc94cb228fc9c1d7
SSDEEP

24576:HLKiSSMMednEhakAmmjmCakAmmjmt+MXU/akAmmjm4+MXU+/WV2222222222222x:HLK2MCaaoxaaoa+MXsaaoT+MXYv

Score

10^/10

formbook sa79 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DETAILS OF BANK TRANSFER USD48908,00.xls

Resource

win7-20230220-en

formbook sa79 rat spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

DETAILS OF BANK TRANSFER USD48908,00.xls

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sa79

Decoy

aidigify.com

angelavamundson.xyz

glicotoday.fun

agencyforbuyers.com

blacklifecoachquiz.com

4e6aqw.site

huawei1990.com

diyetcay.online

chesirechefs.co.uk

generalhospitaleu.africa

hfewha.xyz

lemons2cents.com

rahilprakash.com

kave.tech

netlexfrance.net

youthexsa.africa

car-covers-40809.com

bambooactive.store

fotobugil48.com

kuhler.club

ftyon.xyz

cramyact1.info

finefrenchcaviar.co.uk

158029.xyz

doneswanneeds.com

campanianetwork.online

trade.boo

totaltrace.co.uk

grandgoldrange.africa

oliviahodges04.uk

eckiahe.club

imagebeuty.com

kutxa-incidencias.info

goodnewz.africa

alampsoldes.com

xuanliuchushaqi.com

leaf-spa.net

artblocks.bio

estres0.com

hcoltun.xyz

boostonsquelette.com

bettygrablerm.com

tulipbaddie.com

binosresidence.africa

sunnyola.com

guangxisangna.com

8888m.net

alaamriproducts.com

busy-people-gifts.com

i-sell-fun.com

grandnatali.ru

allstarssport.co.uk

cloud-spartan.co.uk

vitamincbd.africa

winelandsphotography.africa

ndyc.africa

cvbetter.co.uk

bestinvestment-trust.info

lblpackagestore.com

grabacionescaseras.com

fixmypothole.com

combatwash.com

brittnybuttondesign.net

eerieytorrent.com

heguangxueyuan.com

Targets

- Target
  
  DETAILS OF BANK TRANSFER USD48908,00.xls
- Size
  
  1.3MB
- MD5
  
  d085e17676c94c8823ae62adb80b30a0
- SHA1
  
  a5525bd1ec686d2d6cd3776236e831473d1a310f
- SHA256
  
  5a5817fe411771135283c96d05ac670e36251ba2ed0d6e900d2e0e6952591573
- SHA512
  
  4b2b304130105138cfec8d53f6535a4ef7257b215d031b5e34c10fe02a518e5d1f0ed323a5758acd6f837c27328e93977937b3ebc19ba284dc94cb228fc9c1d7
- SSDEEP
  
  24576:HLKiSSMMednEhakAmmjmCakAmmjmt+MXU/akAmmjm4+MXU+/WV2222222222222x:HLK2MCaaoxaaoa+MXsaaoT+MXYv
Score

10^/10

formbook sa79 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooksa79ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy