Overview

overview

10

Static

static

1

January 10...on.rtf

windows7-x64

10

January 10...on.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    January 10, 2024_Arkema_Order_Specification.doc

  • Size

    148KB

  • Sample

    240110-naplvsfbg8

  • MD5

    84011c57a996b6ad4a5a2025b7e8debe

  • SHA1

    8025e17b5409eba44ba4003330e54c7a235062cd

  • SHA256

    0bf25515757d4679e3ae71532d7265e2c769574dd83ad3dffee9079cbaf08101

  • SHA512

    f64499973f5ba834617594bffd73011ea3fbcfcf1d928d07e8fd73b4a5a5c0905005ec5d9f0c2122fa0b1aca48bc098a5be48e697fe3dbca6dffd15253b20bdc

  • SSDEEP

    768:1wAbZSibMX9gRWjtwAbZSibMX9gRWjmdGMrkyh41ZPRppWF7y20Vmggu6:1wAlRkwAlRzvk/ZpppWF7yXt6

Score
10/10
formbooksg36ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sg36

Decoy

cookfranschhoek.com

rajaslot138.today

eightfigureroundtable.com

sdklwdz.com

novaturienthealth.com

sk87k.xyz

defoutenmakers.online

eadsanuncios.com

drewkav.com

car-insurance-94416.bond

m3nm.site

6vab.site

towing-barnesville.top

authentifizierung-beginnen.com

thejmfc.com

beggiapizza.site

gttsfibermill.com

cdugood.com

dominiongeneralcontractors.com

deprepagos.com

Targets

    • Target

      January 10, 2024_Arkema_Order_Specification.doc

    • Size

      148KB

    • MD5

      84011c57a996b6ad4a5a2025b7e8debe

    • SHA1

      8025e17b5409eba44ba4003330e54c7a235062cd

    • SHA256

      0bf25515757d4679e3ae71532d7265e2c769574dd83ad3dffee9079cbaf08101

    • SHA512

      f64499973f5ba834617594bffd73011ea3fbcfcf1d928d07e8fd73b4a5a5c0905005ec5d9f0c2122fa0b1aca48bc098a5be48e697fe3dbca6dffd15253b20bdc

    • SSDEEP

      768:1wAbZSibMX9gRWjtwAbZSibMX9gRWjmdGMrkyh41ZPRppWF7y20Vmggu6:1wAlRkwAlRzvk/ZpppWF7yXt6

    Score
    10/10
    formbooksg36ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks