General

  • Target

    b55514140eae59c1165c37832add73bc70bcdae99064f0db4d367489d3686b79

  • Size

    1.6MB

  • Sample

    241223-1zqaxasrhm

  • MD5

    fc26e7a21f30220ba8d15d1353cd8900

  • SHA1

    5cb3ad06056613737a92fda431150323c5d031e0

  • SHA256

    b55514140eae59c1165c37832add73bc70bcdae99064f0db4d367489d3686b79

  • SHA512

    47f321ab48ea88f6dd736f3b449b8d3594b066768d299db247a68ce979e1a71b4528a83c65c7695ee7825e2bed0a0fcfe77478b9b4b4558005adda7e54f5a147

  • SSDEEP

    24576:Y/uZZwwdADajS+sAlVQtGsm07Z5bjycbd8tWLDa3+Fq5kkYRHQK2i4977LWhovBF:PZXW+s3GTGZ53R7L8K+97HXzc22w

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design
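The decoy list above is how Formbook hides its real command-and-control server: the implant walks through the whole list and only one entry is live, so any single domain is a weak indicator on its own. An added example (not part of the sandbox report, and not Formbook's own code) of turning this config into a detection: it embeds the report's hashes and decoy domains, and flags a host that resolves several of the listed domains within a short window. The DNS log format (`timestamp client qname`), the log lines themselves, and the threshold of three domains in fifteen minutes are all constructed for the demo.

```python
"""
Detection built from the Formbook config extracted in the report (campaign hwu6).

Added example, not the sandbox's own logic.  Hashes and domains are copied from
the report; SAMPLE_DNS_LOG and its "timestamp client qname" layout are
constructed for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import hashlib

# File hashes from the report.
SAMPLE_HASHES = {
    "sha256": "b55514140eae59c1165c37832add73bc70bcdae99064f0db4d367489d3686b79",
    "sha1": "5cb3ad06056613737a92fda431150323c5d031e0",
    "md5": "fc26e7a21f30220ba8d15d1353cd8900",
}

# Decoy/C2 domains from the extracted config.  Only one is the live C2; the
# rest exist to waste analyst time, so we key on the *pattern* of contact.
DECOY_DOMAINS = frozenset({
    "lf758.vip", "locerin-hair.shop", "vytech.net",
    "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond",
    "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click",
    "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info",
    "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond",
    "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest",
    "alexismuller.design",
})

# Constructed DNS log: 10.0.0.5 walks the decoy list, 10.0.0.9 touches one
# listed domain in passing (these are real-looking domains, so that happens).
SAMPLE_DNS_LOG = """
2024-12-23T18:12:01 10.0.0.5 lf758.vip
2024-12-23T18:12:03 10.0.0.5 thepolithat.buzz
2024-12-23T18:12:06 10.0.0.9 vytech.net
2024-12-23T18:12:10 10.0.0.5 d66dr114gl.bond
2024-12-23T18:12:14 10.0.0.5 www.microsoft.com
2024-12-23T18:13:02 10.0.0.5 tlc7z.rest
2024-12-23T19:40:00 10.0.0.9 frozenpines.net
""".strip().splitlines()


def hash_matches(data: bytes) -> dict:
    """Which of the report's hashes the given file content matches."""
    return {
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"],
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_HASHES["sha1"],
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_HASHES["md5"],
    }


def parse_dns_log(lines):
    """Parse constructed 'ISO-timestamp client qname' lines into (ts, host, qname)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, qname = line.split()
        events.append((datetime.fromisoformat(ts), host, qname.rstrip(".").lower()))
    return events


def beaconing_hosts(events, min_domains=3, window=timedelta(minutes=15)):
    """Hosts that resolve >= min_domains distinct config domains inside one window.

    Returns {host: sorted list of matched domains}.  A single hit is ignored on
    purpose: some decoys are ordinary sites and will show up in normal traffic.
    """
    per_host = defaultdict(list)
    for ts, host, qname in events:
        if qname in DECOY_DOMAINS:
            per_host[host].append((ts, qname))

    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        # Slide a window starting at each hit; hits are sorted so ts >= start.
        for i, (start, _) in enumerate(hits):
            seen = {d for ts, d in hits[i:] if ts - start <= window}
            if len(seen) >= min_domains:
                flagged[host] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    for host, domains in beaconing_hosts(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{host}: {len(domains)} config domains -> {', '.join(domains)}")
```

The threshold and window are tuning knobs; in a real deployment feed the resolver or proxy log into `parse_dns_log` (adjusting the line format) and keep `hash_matches` for the file-side check on quarantined attachments.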

Targets

    • Target

      b55514140eae59c1165c37832add73bc70bcdae99064f0db4d367489d3686b79

    • Size

      1.6MB

    • MD5

      fc26e7a21f30220ba8d15d1353cd8900

    • SHA1

      5cb3ad06056613737a92fda431150323c5d031e0

    • SHA256

      b55514140eae59c1165c37832add73bc70bcdae99064f0db4d367489d3686b79

    • SHA512

      47f321ab48ea88f6dd736f3b449b8d3594b066768d299db247a68ce979e1a71b4528a83c65c7695ee7825e2bed0a0fcfe77478b9b4b4558005adda7e54f5a147

    • SSDEEP

      24576:Y/uZZwwdADajS+sAlVQtGsm07Z5bjycbd8tWLDa3+Fq5kkYRHQK2i4977LWhovBF:PZXW+s3GTGZ53R7L8K+97HXzc22w

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook family

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      An AutoIt script compiled into a PE executable; the script is embedded in the binary.

    • Suspicious use of SetThreadContext
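Two of the signatures above are cheap to confirm statically during triage. Compiled AutoIt binaries carry the script tag `AU3!EA06` and the stub string `This is a third-party compiled AutoIt script.`, and a loader that uses `SetThreadContext` alongside `WriteProcessMemory` and `ResumeThread` is usually hollowing a suspended process. The scanner below is an added example, not the sandbox's own signature logic; `SAMPLE_BYTES` is a constructed stand-in for a file, not the report's sample, and the three-API threshold is a heuristic choice.

```python
"""
Static triage for the "AutoIT Executable" and "Suspicious use of SetThreadContext"
signatures.  Added example, not the sandbox's code.  SAMPLE_BYTES is constructed.
"""

# Markers present in AutoIt-compiled executables.
AUTOIT_MARKERS = [
    b"AU3!EA06",
    b"This is a third-party compiled AutoIt script.",
]

# APIs that together implement process hollowing: create a suspended process,
# overwrite its image, repoint the main thread with SetThreadContext, resume.
HOLLOWING_APIS = [
    b"CreateProcess", b"NtUnmapViewOfSection", b"VirtualAllocEx",
    b"WriteProcessMemory", b"SetThreadContext", b"ResumeThread",
]
HOLLOWING_MIN = 3  # heuristic: this many of the set in one file is worth a look

# Constructed stand-in for a file: a fake DOS/PE prefix, an import-name block,
# then the AutoIt stub string and script tag.  Not the report's sample.
SAMPLE_BYTES = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 32
    + b"KERNEL32.dll\x00CreateProcessW\x00WriteProcessMemory\x00"
    + b"SetThreadContext\x00ResumeThread\x00"
    + b"\x00" * 16
    + b"This is a third-party compiled AutoIt script.\x00"
    + b"\x00" * 16
    + b"AU3!EA06" + b"\x10\x20\x30"
)


def _all_offsets(data: bytes, needle: bytes):
    """Every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def find_autoit_markers(data: bytes) -> dict:
    """{marker: [offsets]} for each AutoIt marker that appears at least once."""
    found = {}
    for marker in AUTOIT_MARKERS:
        offsets = _all_offsets(data, marker)
        if offsets:
            found[marker.decode()] = offsets
    return found


def hollowing_api_strings(data: bytes) -> list:
    """Sorted names from HOLLOWING_APIS that appear as strings (e.g. in imports)."""
    return sorted(api.decode() for api in HOLLOWING_APIS if api in data)


def triage(data: bytes) -> dict:
    """Combine both checks into one verdict dict."""
    autoit = find_autoit_markers(data)
    apis = hollowing_api_strings(data)
    return {
        "autoit": bool(autoit),
        "autoit_markers": autoit,
        "hollowing_apis": apis,
        "hollowing_suspect": len(apis) >= HOLLOWING_MIN,
    }


def triage_file(path: str) -> dict:
    """Run triage() over a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

On a real sample the API names live in the import directory or, for packed loaders, only appear after unpacking; a miss here does not clear the file, which is why the sandbox's behavioural signature still matters.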

MITRE ATT&CK Enterprise v15

Tasks