formbook | 99952f4d1441b505954c124f3e9139f6c8f4a8472db437b5f5e981d37b0d8837 | Triage

Submit
Reports

Overview

overview

Static

static

1

TT applica...py.xls

windows7-x64

TT applica...py.xls

windows10-2004-x64

1

Sharing

General

Target

TT application copy.xls
Size

1.1MB
Sample

230421-grflysed92
MD5

4a75a837275e85d09aeabeb442ff7c93
SHA1

fe410acd91fc5db51cd48306877b356413349e6d
SHA256

99952f4d1441b505954c124f3e9139f6c8f4a8472db437b5f5e981d37b0d8837
SHA512

9ed72e1eadcfc2f21514b604640cf2acf65c79a775d739364020c68946f71b57938c4b80bc898573bf1406a24131c17528205fd84b32375a438f778c01d14135
SSDEEP

24576:0u9VYltDLwBkN5DLwBkTiPtVIt2T7czefPNAMFk4:0uJNAQtqwkCNAg

Score

10^/10

formbook ne28 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TT application copy.xls

Resource

win7-20230220-en

formbook ne28 rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

TT application copy.xls

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ne28

Decoy

basic-careitem.net

healstockton.com

groupetalentapro.com

geseconevent.com

adornmentwithadrienne.com

lazylynx.se

forestwerx.com

labishu.com

hilykan.com

beyondyoursenses.co.uk

inno-imc.com

driverrehab.online

mantlepies.co.uk

sicepat.net

kiwitownkids.com

infiniumsource.com

motorsolutionswithmakro.co.uk

6pg.shop

zijlont.xyz

corpusskencar.com

korthalsgriffonyorkshire.co.uk

hatchandneststudio.com

listestubenring.com

mynarcissist.co.uk

hfe2wr8zdi1.cfd

crackthecombination.com

cycw168.com

fren.pet

medicalcannabis.me.uk

locallooknh.com

dairecheese.com

celebrate.rsvp

foody-people.uk

11600yy.com

tuberider.africa

iamjlfreak.com

breadpartner.com

larrgestrreet.site

savethedateevents.uk

dongyoufood.com

jdmgarage.shop

commonthreadpatterns.com

ogadriver.africa

digitalfreakk.com

poshcompanyandsuites.net

gogh.live

easymediarealestate.com

brandpage.site

johnhallerconstruction.com

finemarken.com

dxyzcmag2020.com

greengrovetherapy.com

freshfruits.online

globalventureproject.info

themanxlobster.co.uk

conviord.com

goodpeoplegb1115.shop

christiesparis.com

pnc-verify-support1.com

cheerleader.social

forum-sanmonika.online

dulcescamus.com

thegolfteeshop.co.uk

dafabetvn.info

theredorchard.co.uk

Targets

- Target
  
  TT application copy.xls
- Size
  
  1.1MB
- MD5
  
  4a75a837275e85d09aeabeb442ff7c93
- SHA1
  
  fe410acd91fc5db51cd48306877b356413349e6d
- SHA256
  
  99952f4d1441b505954c124f3e9139f6c8f4a8472db437b5f5e981d37b0d8837
- SHA512
  
  9ed72e1eadcfc2f21514b604640cf2acf65c79a775d739364020c68946f71b57938c4b80bc898573bf1406a24131c17528205fd84b32375a438f778c01d14135
- SSDEEP
  
  24576:0u9VYltDLwBkN5DLwBkTiPtVIt2T7czefPNAMFk4:0uJNAQtqwkCNAg
Score

10^/10

formbook ne28 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookne28ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy