Overview

overview

10

Static

static

1

RFQXPO74635.doc.rtf

windows7-x64

10

RFQXPO74635.doc.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQXPO74635.doc.bin

  • Size

    28KB

  • Sample

    230507-k8rx4adg56

  • MD5

    9d09b6e9bf068e83c78afe33f9857c7b

  • SHA1

    ad5661ad76c507cc12a402149734ea0648bfcca2

  • SHA256

    90c7a131f11a2e5450a63faac63226a405fe42398f13db2e1b352a3eeba4ad2b

  • SHA512

    108e7e0651a75e12acd7de6af07b7d3be459417369c0f22d97aa4e2506303e5eff0dddb19de94b41ccc6c62d05a5cbb89b33b948ea7a99283972062e9d4ff3e3

  • SSDEEP

    768:awAbZSMn/Ujehmm30m6OgP8EjzVOOio5F:awAlDiwlxnDEjzriA

Score
10/10
formbookgtt8ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

    • Target

      RFQXPO74635.doc.bin

    • Size

      28KB

    • MD5

      9d09b6e9bf068e83c78afe33f9857c7b

    • SHA1

      ad5661ad76c507cc12a402149734ea0648bfcca2

    • SHA256

      90c7a131f11a2e5450a63faac63226a405fe42398f13db2e1b352a3eeba4ad2b

    • SHA512

      108e7e0651a75e12acd7de6af07b7d3be459417369c0f22d97aa4e2506303e5eff0dddb19de94b41ccc6c62d05a5cbb89b33b948ea7a99283972062e9d4ff3e3

    • SSDEEP

      768:awAbZSMn/Ujehmm30m6OgP8EjzVOOio5F:awAlDiwlxnDEjzriA

    Score
    10/10
    formbookgtt8ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks