formbook

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf
Size

138KB
Sample

240110-t3mwmacae9
MD5

12135005a3185366b4b27c706f1d0526
SHA1

11c701479e96c20ce16c3eb6e0e3d2249fd25ba0
SHA256

13b1f7955a9cf96f79b39effd8d08940cc7998c3aa934047a48ed3157d5a6db9
SHA512

3259b2c6b3aa8cf195521c9d85c899a3ebc9328597833ba5181bcd2421a9b5d65fcf468050b57933de5158e8501b8b00a1101a52fef7a0b6eebb25dcebf8a35a
SSDEEP

768:ewAbZSibMX9gRWjtwAbZSibMX9gRWjhxsceh5IohhYZK3rad35:ewAlRkwAlR6Kh5HhhGK3ud35

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sg36

Decoy

cookfranschhoek.com

rajaslot138.today

eightfigureroundtable.com

sdklwdz.com

novaturienthealth.com

sk87k.xyz

defoutenmakers.online

eadsanuncios.com

drewkav.com

car-insurance-94416.bond

m3nm.site

6vab.site

towing-barnesville.top

authentifizierung-beginnen.com

thejmfc.com

beggiapizza.site

gttsfibermill.com

cdugood.com

dominiongeneralcontractors.com

deprepagos.com

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf
- Size
  
  138KB
- MD5
  
  12135005a3185366b4b27c706f1d0526
- SHA1
  
  11c701479e96c20ce16c3eb6e0e3d2249fd25ba0
- SHA256
  
  13b1f7955a9cf96f79b39effd8d08940cc7998c3aa934047a48ed3157d5a6db9
- SHA512
  
  3259b2c6b3aa8cf195521c9d85c899a3ebc9328597833ba5181bcd2421a9b5d65fcf468050b57933de5158e8501b8b00a1101a52fef7a0b6eebb25dcebf8a35a
- SSDEEP
  
  768:ewAbZSibMX9gRWjtwAbZSibMX9gRWjhxsceh5IohhYZK3rad35:ewAlRkwAlR6Kh5HhhGK3ud35
Score

10^/10

formbook sg36 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2