General

  • Target: 2.xlsx
  • Size: 1.8MB
  • Sample: 241223-mtl5eaynhk
  • MD5: 12c9bfe6cd73a3a6da2db29e0a548f8e
  • SHA1: 6a9a647753681a6056686f7c800f8b41506e1dcf
  • SHA256: 5859508ecc59571d71bed688f36f5ce3366b0f4a4f59566f0fc2014f8c277d3d
  • SHA512: 231f4220234fc76e217f421bd8215cd43238dc3b05e223c2af331b99509d1a67741c37c7224fffb200b4427c4315d6353fc3e3ef2c1ebe99750b89d1da959fc3
  • SSDEEP: 49152:8ZLyOfkDNsweTKJxn3IFT7yzeCUrDTBOXcV+02In9tQ:8ZLyOcD6wDh4Vc0ToXcU/W9tQ

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: hwu6
  • Decoy


Targets


    • Formbook: Formbook is a data-stealing malware family.
    • Formbook family
    • Formbook payload
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks