formbook | cd0ba91690bd303cc193df2e7744cad7feda1e5649b95dcda9a7de73ee0154e1 | Triage

Submit
Reports

Overview

overview

Static

static

1

PO47696.xls

windows7-x64

PO47696.xls

windows10-2004-x64

1

Sharing

General

Target

PO47696.xls
Size

933KB
Sample

230328-wakxnsdh8s
MD5

96f3bf73e444d45f8f9db96d6d6acf72
SHA1

65ddab32061e4a8d6aadc7c26a2811d92c2fe10a
SHA256

cd0ba91690bd303cc193df2e7744cad7feda1e5649b95dcda9a7de73ee0154e1
SHA512

3074b42b5eb295f2850460ee51bb8153479213ec274a02fab162adcacda044a9ed9f468fd97194bd30b2dd20eb1123044d0ec0e568d015fc3a1aa908b77abf02
SSDEEP

24576:TLKQSSMMednES+MXUNakAmmjmz+MXUnHWF222222222222222222222C22LZcV:TLKkMN+MXuaaow+MXVTcV

Score

10^/10

formbook sa79 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO47696.xls

Resource

win7-20230220-en

formbook sa79 rat spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO47696.xls

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sa79

Decoy

aidigify.com

angelavamundson.xyz

glicotoday.fun

agencyforbuyers.com

blacklifecoachquiz.com

4e6aqw.site

huawei1990.com

diyetcay.online

chesirechefs.co.uk

generalhospitaleu.africa

hfewha.xyz

lemons2cents.com

rahilprakash.com

kave.tech

netlexfrance.net

youthexsa.africa

car-covers-40809.com

bambooactive.store

fotobugil48.com

kuhler.club

ftyon.xyz

cramyact1.info

finefrenchcaviar.co.uk

158029.xyz

doneswanneeds.com

campanianetwork.online

trade.boo

totaltrace.co.uk

grandgoldrange.africa

oliviahodges04.uk

eckiahe.club

imagebeuty.com

kutxa-incidencias.info

goodnewz.africa

alampsoldes.com

xuanliuchushaqi.com

leaf-spa.net

artblocks.bio

estres0.com

hcoltun.xyz

boostonsquelette.com

bettygrablerm.com

tulipbaddie.com

binosresidence.africa

sunnyola.com

guangxisangna.com

8888m.net

alaamriproducts.com

busy-people-gifts.com

i-sell-fun.com

grandnatali.ru

allstarssport.co.uk

cloud-spartan.co.uk

vitamincbd.africa

winelandsphotography.africa

ndyc.africa

cvbetter.co.uk

bestinvestment-trust.info

lblpackagestore.com

grabacionescaseras.com

fixmypothole.com

combatwash.com

brittnybuttondesign.net

eerieytorrent.com

heguangxueyuan.com

Targets

- Target
  
  PO47696.xls
- Size
  
  933KB
- MD5
  
  96f3bf73e444d45f8f9db96d6d6acf72
- SHA1
  
  65ddab32061e4a8d6aadc7c26a2811d92c2fe10a
- SHA256
  
  cd0ba91690bd303cc193df2e7744cad7feda1e5649b95dcda9a7de73ee0154e1
- SHA512
  
  3074b42b5eb295f2850460ee51bb8153479213ec274a02fab162adcacda044a9ed9f468fd97194bd30b2dd20eb1123044d0ec0e568d015fc3a1aa908b77abf02
- SSDEEP
  
  24576:TLKQSSMMednES+MXUNakAmmjmz+MXUnHWF222222222222222222222C22LZcV:TLKkMN+MXuaaow+MXVTcV
Score

10^/10

formbook sa79 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooksa79ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy