formbook

General

Target

3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.doc
Size

16KB
Sample

240626-bj5cfsvfrg
MD5

e86424648b277754b74e507d51878e71
SHA1

e86498df0eb2a8514e0d55f9a33148779bf5b66d
SHA256

3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0
SHA512

59c3c950a0f450b895b091fdf7f9664ed75124be0b7c699631b0a753bef062304151e1e58b3dfcc2032e819f339336c996482a6de94eee3e6327d24e8c51f84c
SSDEEP

384:0yXRxAxW4s8PL8wi4OEwH8TIbE91r2fR8JYbvimVmPFM:0cRM/5P3DOqnYJ6qvfVmPG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster

Targets

- Target
  
  3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.doc
- Size
  
  16KB
- MD5
  
  e86424648b277754b74e507d51878e71
- SHA1
  
  e86498df0eb2a8514e0d55f9a33148779bf5b66d
- SHA256
  
  3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0
- SHA512
  
  59c3c950a0f450b895b091fdf7f9664ed75124be0b7c699631b0a753bef062304151e1e58b3dfcc2032e819f339336c996482a6de94eee3e6327d24e8c51f84c
- SSDEEP
  
  384:0yXRxAxW4s8PL8wi4OEwH8TIbE91r2fR8JYbvimVmPFM:0cRM/5P3DOqnYJ6qvfVmPG
Score

10^/10

formbook btrd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Abuses OpenXML format to download file from external location

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2