formbook

General

Target

62763ea99a08c8de0139281ea02be501.rtf
Size

64KB
Sample

240321-fppleade41
MD5

62763ea99a08c8de0139281ea02be501
SHA1

99f481ad361658bbe70f3adf1e558131af3fce3f
SHA256

41877fb7bc2bfb83e6ec4b28dc8be3fd3182ea2502c45b1b1447b72b76702ef5
SHA512

59258268b516af6ba0a21c895c500e9ebb0661536f9e68def8785b4d914db0ab311b8c6ad48516cf1adbac00ce19e78d4cdef67c38d12145b7ba55b30f23e3d3
SSDEEP

768:Ho80bq+yIoO1DkC1bTHSoowmC9cNnffEDTrdtv8CdmRZVFsBEU:XetytO11bTHSoowmC9cNf2rdty/MEU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rc2i

Decoy

alphatierofficial.online

nrk888.com

jolosobgoh.com

xn--fiq07xcnfrep5pz43a.com

bankingvt.com

bhadgaonwitc.best

providenceweightloss.com

thehouseofroyals.llc

ndxick.cfd

80x2.net

southpole.blue

buisnesswithjos.com

8thbit.net

jointanglediagnostics.com

poppyandpetunia.shop

iamtaylordarling.com

liftdetoxblack.pro

suntohomestore.com

simsonic.net

eliteinfinitygroupoficial.com

Targets

- Target
  
  62763ea99a08c8de0139281ea02be501.rtf
- Size
  
  64KB
- MD5
  
  62763ea99a08c8de0139281ea02be501
- SHA1
  
  99f481ad361658bbe70f3adf1e558131af3fce3f
- SHA256
  
  41877fb7bc2bfb83e6ec4b28dc8be3fd3182ea2502c45b1b1447b72b76702ef5
- SHA512
  
  59258268b516af6ba0a21c895c500e9ebb0661536f9e68def8785b4d914db0ab311b8c6ad48516cf1adbac00ce19e78d4cdef67c38d12145b7ba55b30f23e3d3
- SSDEEP
  
  768:Ho80bq+yIoO1DkC1bTHSoowmC9cNnffEDTrdtv8CdmRZVFsBEU:XetytO11bTHSoowmC9cNf2rdty/MEU
Score

10^/10

formbook rc2i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2