formbook

General

Target

HSBC payment swift copy.exe
Size

939KB
Sample

210111-45vrw5wjen
MD5

a4157360da26197715f33249273aca5b
SHA1

1d7c9da78fccf8becc3dd7585f2a6a6882bc561f
SHA256

94ff08030a3e4421baf3ad3489d4d757dd4e8aab659aa8a06f99d2d81526d17e
SHA512

bc50504e9df77d05771a15d0667e26e7984487c44a9de30252ec49cd5299637246c16ebe51a00c8478860997b4b7b0c593017f9f6a25dfc0d26fc8053973f4e7

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.deejayatl.com/khm/

Decoy

bizzglobal.com

sura-solutions.com

zhaofu7.com

electricindians.com

thedirtyreds.com

graalmilitaryofficial.com

yx-vinylglove.com

e-zenithonline.com

iric-canada.net

solrsmrtnrg.com

terdissuadablesouthe.net

farhadmagic.com

mysimplenook.com

melkavand.com

swirlinginlimbo.com

dentist-sandimas.com

88265536.com

88q18.com

kogiz.com

hasbiadam.com

Targets

- Target
  
  HSBC payment swift copy.exe
- Size
  
  939KB
- MD5
  
  a4157360da26197715f33249273aca5b
- SHA1
  
  1d7c9da78fccf8becc3dd7585f2a6a6882bc561f
- SHA256
  
  94ff08030a3e4421baf3ad3489d4d757dd4e8aab659aa8a06f99d2d81526d17e
- SHA512
  
  bc50504e9df77d05771a15d0667e26e7984487c44a9de30252ec49cd5299637246c16ebe51a00c8478860997b4b7b0c593017f9f6a25dfc0d26fc8053973f4e7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2