formbook

General

Target

6b9167056af49bf702c833ae4f581ef1.rtf
Size

561KB
Sample

240625-qb3k8avbkp
MD5

6b9167056af49bf702c833ae4f581ef1
SHA1

ed4886d86b8ad96a0a252190705d70e0fac9289b
SHA256

13bc94a2f39a03f509036ff58462b974c401cac0df52cce22223114f909b2f72
SHA512

4ba4fc52c2add76cb58cec62f9ae608108aa77374c63c4416f4e5c2ac0fc4bf3569f3520e1ac77994842789015c767d3bb2dd1d384221d5fa865ab54bfc51a07
SSDEEP

6144:dwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAuB+2:dB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster

Targets

- Target
  
  6b9167056af49bf702c833ae4f581ef1.rtf
- Size
  
  561KB
- MD5
  
  6b9167056af49bf702c833ae4f581ef1
- SHA1
  
  ed4886d86b8ad96a0a252190705d70e0fac9289b
- SHA256
  
  13bc94a2f39a03f509036ff58462b974c401cac0df52cce22223114f909b2f72
- SHA512
  
  4ba4fc52c2add76cb58cec62f9ae608108aa77374c63c4416f4e5c2ac0fc4bf3569f3520e1ac77994842789015c767d3bb2dd1d384221d5fa865ab54bfc51a07
- SSDEEP
  
  6144:dwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAuB+2:dB
Score

10^/10

formbook btrd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2