formbook

General

Target

Payment - Swift Copy.exe
Size

743KB
Sample

201125-933antcat2
MD5

68dd5dd82f770a8c4c0b81c6d79abe14
SHA1

b9358c149083df8f9dd2bc1378eb83806f548ab8
SHA256

95deccdc9ef87962793e87e162d62c1d07c56dbae3b964d93e79c190f38183f7
SHA512

a20bb96988c130f56c3c3e77a63e75d3403f63ddbaba35d5edc329b9c210801b555a2eb4a405576a17dd74d764f1b87c3789f92d373f3cd345927897893b6b80

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.danneroll.com/mnc/

Decoy

yicaiboli.com

litercoconut.icu

virtuallyfriday.com

joshuahumphreyproperty.com

mercedes-dieselclaims.com

rock-leaf.com

sandglasshours.com

pooldeckpatiodriveway.com

forenvid.com

wasserfuhr-gmbh.com

rizosmil.com

alberletgyor.com

besafetexting.com

ladoctoracorazon.net

prettyassframes.com

meetyourwish.com

achefskiss.com

parulata.com

thang8-freefirevn2.xyz

statuniverse.com

Targets

- Target
  
  Payment - Swift Copy.exe
- Size
  
  743KB
- MD5
  
  68dd5dd82f770a8c4c0b81c6d79abe14
- SHA1
  
  b9358c149083df8f9dd2bc1378eb83806f548ab8
- SHA256
  
  95deccdc9ef87962793e87e162d62c1d07c56dbae3b964d93e79c190f38183f7
- SHA512
  
  a20bb96988c130f56c3c3e77a63e75d3403f63ddbaba35d5edc329b9c210801b555a2eb4a405576a17dd74d764f1b87c3789f92d373f3cd345927897893b6b80
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2