formbook | ad167c04c640a9777e7b6bb420e64b5cc46a0fd588820f6895420991465944a0 | Triage

Submit
Reports

Overview

overview

Static

static

1

30% Paymen...pt.rtf

windows7-x64

30% Paymen...pt.rtf

windows10-2004-x64

1

Sharing

General

Target

30% Payment Receipt.doc
Size

42KB
Sample

230626-kf6wjsaa2y
MD5

d4bc695be1f64cb89c061b21b06815a2
SHA1

4056cdfa99fe137e1324be62763aee23d1990eb7
SHA256

ad167c04c640a9777e7b6bb420e64b5cc46a0fd588820f6895420991465944a0
SHA512

1ddb705be7d901acd7f9889bdfb4491ce4c5a9619884f083c79ac4046285d786e54ce6aabcf4eacbf6fc522804c27b8cc88f20b5077ef249d0f9c93390806221
SSDEEP

768:rFx0XaIsnPRIa4fwJMo30VYWEfOH/cNUWTL4QUATxZA9fSP3/Uz+o4KSAIR:rf0Xvx3EMo32YWEfrkVAV//Uz+o46IR

Score

10^/10

formbook xchu rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

30% Payment Receipt.rtf

Resource

win7-20230621-en

formbook xchu rat spyware stealer trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

30% Payment Receipt.rtf

Resource

win10v2004-20230621-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xchu

Decoy

zcartoons.com

castilloshowroom.com

3bmmdtod.life

misaxoxo.com

nadiya.online

sykkbup29.xyz

triciaaprimrosevp.com

newleter.com

ptzslk.xyz

lightbulbfestival.com

texaslandline.com

ideeintemporelle.com

girljustdoitpodcast.com

medimediamarketing.com

bunk7outfitters.com

charlievgrfminnick.click

lifestyleinthehome.com

atfbestsale.online

frontdoorproperties.co.uk

grandpaswag2024.info

masterbidbox.com

twinmall.xyz

apihb.com

tanbuhelir.com

excortclub.com

avxxxtube.com

dayonetaxes.com

xx7zncjthyo.xyz

barhat-dance.online

wxbaonayue.com

sorunsuzyayinburada9.shop

so-do-to.com

bonettr.com

gosucculents.com

axcelus.mobi

elityou.com

82163.xyz

ugfc.monster

wxxinglong.com

fleurdelis-ksa.com

australiaxxxhookup.com

hieu.asia

lailashawa.com

littlefoxgrp.com

modi.codes

frenchmattie.com

francoishogue-rpg.com

ntzb1.vip

adfoidoas.shop

meter-ooh.com

mamarosarienne.online

sharonmevans.com

ccapltal.com

ewardsrq.com

rgmtrucking.com

nilhanzsa.net

prodemtim-healthy-gums.com

aviationsoftware.aero

frog.lol

hauntingmedia.com

newindianewsnetwork.com

calfamfitclasses.net

sparrow-coffee.com

centralcoastquotes.com

tangocitymoscow.com

Targets

- Target
  
  30% Payment Receipt.doc
- Size
  
  42KB
- MD5
  
  d4bc695be1f64cb89c061b21b06815a2
- SHA1
  
  4056cdfa99fe137e1324be62763aee23d1990eb7
- SHA256
  
  ad167c04c640a9777e7b6bb420e64b5cc46a0fd588820f6895420991465944a0
- SHA512
  
  1ddb705be7d901acd7f9889bdfb4491ce4c5a9619884f083c79ac4046285d786e54ce6aabcf4eacbf6fc522804c27b8cc88f20b5077ef249d0f9c93390806221
- SSDEEP
  
  768:rFx0XaIsnPRIa4fwJMo30VYWEfOH/cNUWTL4QUATxZA9fSP3/Uz+o4KSAIR:rf0Xvx3EMo32YWEfrkVAV//Uz+o46IR
Score

10^/10

formbook xchu rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxchuratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy