formbook

General

Target

Shipment Document BLINV And Packing List Attached.exe
Size

747KB
Sample

201125-bhyc913als
MD5

7256f55e3799e137d508dd414840f875
SHA1

a44d83cd22588ae93e01a66fc10f07e59de2ae56
SHA256

1878871ffe22529eff69bc07e62350532cbd2a830874bc090c9c72c2b8742a24
SHA512

cb44f68b999157bfcb01712caf261d887e5f09b86a8bd810d23871d594f67ce1130f26455707e197785945115f01ec37f448c5923010b52555e34e4f97e3f3f6

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.pamforprogress.com/bg8v/

Decoy

patrickzajda.com

40ye.com

foxyivys.com

higherstatusfreebook.com

pharmxpert.net

buyinglover.com

eresuli.com

officerrustensheskey.com

ghoster.agency

susanchanportfolio.com

etreunheros.com

yavcxas.com

jasonrbradwell.com

tods.info

hawksltd.com

rankpicker.net

rachelraydiet.com

foolishdrivers.com

amtpsychology.com

hffc365.com

Targets

- Target
  
  Shipment Document BLINV And Packing List Attached.exe
- Size
  
  747KB
- MD5
  
  7256f55e3799e137d508dd414840f875
- SHA1
  
  a44d83cd22588ae93e01a66fc10f07e59de2ae56
- SHA256
  
  1878871ffe22529eff69bc07e62350532cbd2a830874bc090c9c72c2b8742a24
- SHA512
  
  cb44f68b999157bfcb01712caf261d887e5f09b86a8bd810d23871d594f67ce1130f26455707e197785945115f01ec37f448c5923010b52555e34e4f97e3f3f6
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2