formbook

General

Target

a96253a4b8d3dc0d9cece5aa9145813d.exe
Size

926KB
Sample

201204-qkafmb93ts
MD5

a96253a4b8d3dc0d9cece5aa9145813d
SHA1

1d318d45b369768974b793415243b2f120ac21da
SHA256

9603997de7895ccfbd7b9493e7c64a9a089adc98a4929308ff74f18e88f9eac7
SHA512

92b6695b9e0078433f7f02e4a7542d1082280c92fbe5580815faf79ff3e0671ed4aea4489a354a382025363d91911665080a8f87286dd2332ce3cb3e5a409921

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.poweruppowerwashing.com/21m/

Decoy

eoirfdklelkfdlfmd.com

veteransforgolden.com

psychtalent.com

crusder-coffee.com

sydneydetective.com

judahbbqjerk.com

core-sys.com

fukaikeji.com

xn--jpr220deud640b.com

joker91.com

artbyprslla.com

sms-email.xyz

coobook.credit

growerfertilizer.com

dollarbillnow1.com

alcanfor.net

tightsharkpoker.com

liveforlebanon.com

edupods.net

passoverindubai.com

Targets

- Target
  
  a96253a4b8d3dc0d9cece5aa9145813d.exe
- Size
  
  926KB
- MD5
  
  a96253a4b8d3dc0d9cece5aa9145813d
- SHA1
  
  1d318d45b369768974b793415243b2f120ac21da
- SHA256
  
  9603997de7895ccfbd7b9493e7c64a9a089adc98a4929308ff74f18e88f9eac7
- SHA512
  
  92b6695b9e0078433f7f02e4a7542d1082280c92fbe5580815faf79ff3e0671ed4aea4489a354a382025363d91911665080a8f87286dd2332ce3cb3e5a409921
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2