Overview

overview

10

Static

static

1

attachment-2.rtf

windows7-x64

10

attachment-2.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3yP5O3z67450080F4221658485A0446ecc6321d.txt

  • Size

    53KB

  • Sample

    230507-brgw5aae6s

  • MD5

    e8c0aad2ea853fc1a0acb8e8c1e1a24e

  • SHA1

    9def4aad90be6db56fa5f1cd8757b87b13c962eb

  • SHA256

    402312f68b4957c22a38f9c325771a20eddb5c2c7867c0df31a8241a4672e2ac

  • SHA512

    b11f0853d4eacdf43e926391396dd9c7e845c314080fcf3615627c4a3f7dc4ff91a2464e890b781f0c5f1007d6fec75b5f235562cfc62c5bb8ba1390b9a0d2ed

  • SSDEEP

    768:hsjtk55sIrbJbTYqRVYivtSPZxDfM1cDWCOMLPUUUFIi/AqNZiOwPxkl8lP5mE24:ejAbbTlRBv+xDmcqCO36p/L1Z32Jhxn2

Score
10/10
formbookgtt8ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

    • Target

      attachment-2

    • Size

      36KB

    • MD5

      1024edaea952ddfed7ee9067dd266409

    • SHA1

      56b86cc12b63201a23ab3926901501f0aa5680d7

    • SHA256

      0b20d40d91927043566ec42d1d44c23bc0522e19defcd366c8354b9ea14db68c

    • SHA512

      5375187e3ff03b4386c5f9a449ebbda2ac34b20231f3bf4dec84ed99f6173855c8f98aa545fd49255449a2fbe978adf65f86dcc2c5261aaa455790a1ddd11b7b

    • SSDEEP

      768:SFx0XaIsnPRIa4fwJMZAEgpJagU+8DtIvBjJK:Sf0Xvx3EMZhkagU+etIvBFK

    Score
    10/10
    formbookgtt8ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks