Malware-Analysis/Formbook-maldoc.md at main · dodo-sec/Malware-Analysis
Common Information
Type Value
UUID f3e19f84-510b-4fbd-ac7b-3e06bea28018
Fingerprint b808896769f612c9
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 2, 2022, midnight
Added to db Jan. 16, 2023, 3:55 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Title Malware-Analysis/Formbook-maldoc.md at main · dodo-sec/Malware-Analysis
Detected Hints/Tags/Attributes 31/2/25
Attributes
Details Type #Events CTI Value
Details Domain 1
formbook-maldoc.md
Details Domain 14
rtfdump.py
Details Domain 6
rtfobj.py
Details Domain 707
google.com
Details Domain 1
s8.krakenfiles.com
Details Domain 228
system.io
Details Domain 1
0xbffff290q.read
Details File 14
rtfdump.py
Details File 6
rtfobj.py
Details File 3
client.vbs
Details File 11
slmgr.vbs
Details File 816
index.html
Details File 36
compression.gzip
Details File 10
'calc.exe
Details File 32
image.jpg
Details File 1
%localappdata%\microsoft\windows\caches\client.vbs
Details File 1
%temp%\client.vbs
Details File 1
cryptowinrt.dll
Details sha256 1
f443d54ed21c034b61c6e71a4f4705f33684d36b5784aa997461a88e99dc5202
Details sha256 1
52f127241564cff0e09f80e224f43307e991b6cc0a87f1d7d1f4c240a44dc858
Details sha256 1
af97c93d9e8e172fcd9845b992cbe868554d211379d350912f785ce420af3555
Details sha256 1
a8e12cad3d78c23d49c546b68ea792cfe8b9735f3c549da59921d168de7dbfff
Details IPv4 2
188.114.96.0
Details Url 1
https://s8.krakenfiles.com/uploads/31-08-2022/b1yw0q6hai/image.jpg
Details Windows Registry Key 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\RtkAudUService64