formbook | 2d8474bdd8b6122aa79a3b86f729f9aa4f83a2ccf6a51ab510d753b47fc01189 | Triage

Resubmissions

10-08-2020 08:42

200810-12br5knqes 10

Sharing

General

Target

N5teSBoBlVySUoq.exe
Size

501KB
Sample

200810-12br5knqes
MD5

6c914ab41b3b8fcd47d2b52458aa98ac
SHA1

dc01e0c3bca0facd2f4838ac42b94ff0c3c88bd1
SHA256

2d8474bdd8b6122aa79a3b86f729f9aa4f83a2ccf6a51ab510d753b47fc01189
SHA512

44cb0d199025cbf4bc6b6fedca53bc6aed9f676c436ded8a88eefef12a846d3ed8fb612bc9713cea6a7bd2d07fac88a009e1c659379cec43aa571fa69d800984

Score

10^/10

formbook evasion rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.mansiobok.info/h8ofs/

Decoy

totum-community.com

fintechguardian.com

playwithyourkid.com

jeanstrousers.com

alimentosprobioticos.com

innovationembassies.net

qmfwig.men

choose-vida.com

mcmontagem.com

2math4all.com

ubersize.com

epicmediasv.com

kombipetektemizligi.com

provinsijawabarat.com

godhasanaddress.com

neural.link

mobiola.biz

kuckoorock.com

hideawaytrails.com

coolbrunettegirlsvideo.site

Targets

- Target
  
  N5teSBoBlVySUoq.exe
- Size
  
  501KB
- MD5
  
  6c914ab41b3b8fcd47d2b52458aa98ac
- SHA1
  
  dc01e0c3bca0facd2f4838ac42b94ff0c3c88bd1
- SHA256
  
  2d8474bdd8b6122aa79a3b86f729f9aa4f83a2ccf6a51ab510d753b47fc01189
- SHA512
  
  44cb0d199025cbf4bc6b6fedca53bc6aed9f676c436ded8a88eefef12a846d3ed8fb612bc9713cea6a7bd2d07fac88a009e1c659379cec43aa571fa69d800984
Score

10^/10

rat evasion trojan spyware stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ratevasiontrojanspywarestealerformbook

behavioral2

rattrojanspywarestealerformbook