formbook

General

Target

MT103-BIBBC2164179.docx.doc
Size

11KB
Sample

230815-mpyyeaac43
MD5

d5c875d48395594a5f4a25ff59ccde28
SHA1

e0750716e3b086d692fb3075ea50bf958bbc0ccf
SHA256

afa0e5ddccbe8110c99d9e4095c76f05ea618c26d5760d13aad456da2a2ebbaa
SHA512

16963317bb558ff81e11ad99b5a4320e224bff6a543191ec0e7ef2c38ef8aa814e28f2d937b434f0cd23c7abbb1a98ea1596506e6cd4b59d3f71bacdacdbd64d
SSDEEP

192:6ya0N5H4fWA4N5eNA2A+EnVs+mg1SoBmJY+O36PvJKzkXY9PcWexm+S:6yX5H4fWAu5+A2bkBdBmJY+OqPOkI9PD

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy

rfc234.top

danielcavalari.com

elperegrinocabo.com

aryor.info

surelistening.com

premium-numero-telf.buzz

orlynyml.click

tennislovers-ro.com

holdmytracker.com

eewapay.com

jaimesinstallglass.com

damactrade.net

swapspecialities.com

perfumesrffd.today

salesfactory.pro

supportive-solutions.com

naiol.com

khoyr.com

kalendeargpt44.com

web-tech-spb.store

Targets

- Target
  
  MT103-BIBBC2164179.docx.doc
- Size
  
  11KB
- MD5
  
  d5c875d48395594a5f4a25ff59ccde28
- SHA1
  
  e0750716e3b086d692fb3075ea50bf958bbc0ccf
- SHA256
  
  afa0e5ddccbe8110c99d9e4095c76f05ea618c26d5760d13aad456da2a2ebbaa
- SHA512
  
  16963317bb558ff81e11ad99b5a4320e224bff6a543191ec0e7ef2c38ef8aa814e28f2d937b434f0cd23c7abbb1a98ea1596506e6cd4b59d3f71bacdacdbd64d
- SSDEEP
  
  192:6ya0N5H4fWA4N5eNA2A+EnVs+mg1SoBmJY+O36PvJKzkXY9PcWexm+S:6yX5H4fWAu5+A2bkBdBmJY+OqPOkI9PD
Score

10^/10

formbook oy30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2