formbook | b6247c787ec362f884203a581049a638a59a9db8dc6bac8cb88869a45704dfc9 | Triage

Sharing

General

Target

SWIFTY COPY.exe
Size

745KB
Sample

201204-zxmadjl8w6
MD5

b848cc9c799857387b279d773e4250df
SHA1

13c7f4df965698c1a8b10ced41ddec295f8634bb
SHA256

b6247c787ec362f884203a581049a638a59a9db8dc6bac8cb88869a45704dfc9
SHA512

48bfc3059a52bbe2668497b68747717e97f493aac40cd7900da337c72ed2ccb7e096b6e776bfcd8c79b3f1a7049d4bf4a3cdf5475c4395412766cefc105ee7bb

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.alsagranit.info/rhk/

Decoy

luuthingoctrinam247.online

upcas.info

cmoswipefiles.com

rene-jew.com

kiddoslunchboxes.com

52wanlol.com

konstela.com

dajiangzhibo11.com

huibaoyuanhty.com

boudot.one

myinfinitycollectionagency.com

letsgetsunny.com

gruppolarta.com

factoka.com

artistspal.com

gewnrecaalouine.com

etiquetadorada.com

brememshop.com

kangyiyan.com

testcitestdpp03.com

Targets

- Target
  
  SWIFTY COPY.exe
- Size
  
  745KB
- MD5
  
  b848cc9c799857387b279d773e4250df
- SHA1
  
  13c7f4df965698c1a8b10ced41ddec295f8634bb
- SHA256
  
  b6247c787ec362f884203a581049a638a59a9db8dc6bac8cb88869a45704dfc9
- SHA512
  
  48bfc3059a52bbe2668497b68747717e97f493aac40cd7900da337c72ed2ccb7e096b6e776bfcd8c79b3f1a7049d4bf4a3cdf5475c4395412766cefc105ee7bb
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan