formbook

General

Target

BID-758472938.doc
Size

122KB
Sample

230816-gj57msfh96
MD5

13a3f6521c13ba0c632db67c7041c977
SHA1

5dd8153d6daa7d000fbb5c9c9760bc2f57b27a1c
SHA256

409992d0436f5256bc7bf86bbe08d7c41d13103c59f1cfc35885d1608a3e7286
SHA512

410fa352b9ae96e604f07c7b1ecd34fe24b6d80fed05cfd2dde6b9e5c5c22a8419a6c7463d7234706dd76f8e6b2de2d44f3a18bd6c5c8286d2decd7373cbc01b
SSDEEP

768:vwAbZSibMX9gRWjzAvwVO4xNX027K0zNKiCzaYF4bwvvh1D6:vwAlRsAvH4fX023zv95wvvS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy

rfc234.top

danielcavalari.com

elperegrinocabo.com

aryor.info

surelistening.com

premium-numero-telf.buzz

orlynyml.click

tennislovers-ro.com

holdmytracker.com

eewapay.com

jaimesinstallglass.com

damactrade.net

swapspecialities.com

perfumesrffd.today

salesfactory.pro

supportive-solutions.com

naiol.com

khoyr.com

kalendeargpt44.com

web-tech-spb.store

Targets

- Target
  
  BID-758472938.doc
- Size
  
  122KB
- MD5
  
  13a3f6521c13ba0c632db67c7041c977
- SHA1
  
  5dd8153d6daa7d000fbb5c9c9760bc2f57b27a1c
- SHA256
  
  409992d0436f5256bc7bf86bbe08d7c41d13103c59f1cfc35885d1608a3e7286
- SHA512
  
  410fa352b9ae96e604f07c7b1ecd34fe24b6d80fed05cfd2dde6b9e5c5c22a8419a6c7463d7234706dd76f8e6b2de2d44f3a18bd6c5c8286d2decd7373cbc01b
- SSDEEP
  
  768:vwAbZSibMX9gRWjzAvwVO4xNX027K0zNKiCzaYF4bwvvh1D6:vwAlRsAvH4fX023zv95wvvS
Score

10^/10

formbook oy30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2