formbook

General

Target

S4P1JiBZIZxvtFR.exe
Size

870KB
Sample

210108-19d9aema5e
MD5

6571a45194e01c7a51305974058b5eed
SHA1

0871ac8004e7bc5cdd5ecec7e61e0fed30b7bc89
SHA256

8d81e9e64adbbba0b32ff5e50a4af3afade44023876d62b8e4aa31c4aea3ec45
SHA512

0f81e28bdf681596da42778862cb895faf26c127ffe95ba0c79a28139444eb72cae93dc6fff89225ea174a9450645e9d02ccbbf960882f8333ecafdefe538ce0

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.pddjdjp.com/2bb/

Decoy

buymystuff4me.online

nutritionfactor.net

mifactura.online

mskank.com

travel4benefits.com

harzak.com

2048zone.com

melaninswagger.com

kalakarmanch.com

ijustsaad.com

bikersagainstantifa.com

eddie-diaz.com

newcrestredchrisltd.com

virtualpresentersnetwork.com

narocinama.com

geralouiwarene.com

moldremovalintaunton.com

theperfectsupport.com

onlinestoragecloud.com

defisoftwares.com

Targets

- Target
  
  S4P1JiBZIZxvtFR.exe
- Size
  
  870KB
- MD5
  
  6571a45194e01c7a51305974058b5eed
- SHA1
  
  0871ac8004e7bc5cdd5ecec7e61e0fed30b7bc89
- SHA256
  
  8d81e9e64adbbba0b32ff5e50a4af3afade44023876d62b8e4aa31c4aea3ec45
- SHA512
  
  0f81e28bdf681596da42778862cb895faf26c127ffe95ba0c79a28139444eb72cae93dc6fff89225ea174a9450645e9d02ccbbf960882f8333ecafdefe538ce0
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2