formbook

General

Target

20210111140930669.exe
Size

868KB
Sample

210111-zgpmd8mhlx
MD5

55a9f49ac7b18c445a01aa766954a68d
SHA1

73ebd37572a79adec31ceefda6bfec90a9f70f3a
SHA256

1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40
SHA512

50d1c160637c22e51432ac86e38f3e9e941069859ea02d62df505cb7e7190ba8282b0462520c0879798e1f3509283d2e13b5f3ef61bfe8a8699a18fc0cb482ef

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.midnightblueinc.com/2kf/

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

- Target
  
  20210111140930669.exe
- Size
  
  868KB
- MD5
  
  55a9f49ac7b18c445a01aa766954a68d
- SHA1
  
  73ebd37572a79adec31ceefda6bfec90a9f70f3a
- SHA256
  
  1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40
- SHA512
  
  50d1c160637c22e51432ac86e38f3e9e941069859ea02d62df505cb7e7190ba8282b0462520c0879798e1f3509283d2e13b5f3ef61bfe8a8699a18fc0cb482ef
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2