Overview

overview

10

Static

static

1

MT103-746394.rtf

windows7-x64

10

MT103-746394.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MT103-746394.doc

  • Size

    465KB

  • Sample

    240624-s8r7vszeqe

  • MD5

    fd8649f8d7287ef36bdcec7f9b2f98c9

  • SHA1

    3e0d4305545d69aa47e741061adaf2a044d01d0d

  • SHA256

    25128aab1edb1b7db3940787f0ae45722ea36b0a3e2423a155ea5618fab2af85

  • SHA512

    308a4d5bbb969d34e448591e9caa1d4138ae25a2f8573d3f220de1487cb2ac3ebe08b3736d64e7d11f4cd46dbc867a2e5d5db7ceba89e2b382b74fb363863660

  • SSDEEP

    6144:4wAYwAYwAYwAYwAYwAYwAYwAYwAYwAqFm4NvfB/0:T

Score
10/10
formbookbi09ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi09

Decoy

fayenterprises.online

anekagaminghk.rest

mina-chan.site

theselfcarefaire.com

progym.app

cherishedtimes.space

gkrp9s016x.icu

api288-s-rtp.online

chikankari.shop

annarosellc.com

lcloud.services

aisuitability.com

sks41.com

7779c1.vip

tunasolution.click

nexbetwin.com

huatless.quest

junroptskdyued.shop

yourwellnesseq.com

zcymc.top

Targets

    • Target

      MT103-746394.doc

    • Size

      465KB

    • MD5

      fd8649f8d7287ef36bdcec7f9b2f98c9

    • SHA1

      3e0d4305545d69aa47e741061adaf2a044d01d0d

    • SHA256

      25128aab1edb1b7db3940787f0ae45722ea36b0a3e2423a155ea5618fab2af85

    • SHA512

      308a4d5bbb969d34e448591e9caa1d4138ae25a2f8573d3f220de1487cb2ac3ebe08b3736d64e7d11f4cd46dbc867a2e5d5db7ceba89e2b382b74fb363863660

    • SSDEEP

      6144:4wAYwAYwAYwAYwAYwAYwAYwAYwAYwAqFm4NvfB/0:T

    Score
    10/10
    formbookbi09ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks