formbook

General

Target

winlog.exe
Size

744KB
Sample

210112-a6lnv1t6sn
MD5

2e56ef2fbc6e9d6eacdef3c1551b4d07
SHA1

bca0cf7d4a30bb32a65091949bbfe5d93e087e31
SHA256

fc4a97c809b221101e5bd66497e1c058c8b33913c336a74183c7d7f7caedc803
SHA512

5d6477a99b0735161e28674b8746ae343a53190a1fb3733012bcdbeffbba5cc682f4ab13aede846729e63250551d0b229df927b4030f0dd209df0dea8b86a2f8

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.bytecommunication.com/aky/

Decoy

jeiksaoeklea.com

sagame-auto.net

soloseriolavoro.com

thecreatorsbook.com

superskritch.com

oroxequipment.com

heart-of-art.online

liwedfg.com

fisherofsouls.com

jota.xyz

nehyam.com

smart-contact-delivery.com

hoom.guru

dgryds.com

thesoakcpd.com

mishv.com

rings-factory.info

bero-craft-beers.com

podcastnamegenerators.com

856379813.xyz

Targets

- Target
  
  winlog.exe
- Size
  
  744KB
- MD5
  
  2e56ef2fbc6e9d6eacdef3c1551b4d07
- SHA1
  
  bca0cf7d4a30bb32a65091949bbfe5d93e087e31
- SHA256
  
  fc4a97c809b221101e5bd66497e1c058c8b33913c336a74183c7d7f7caedc803
- SHA512
  
  5d6477a99b0735161e28674b8746ae343a53190a1fb3733012bcdbeffbba5cc682f4ab13aede846729e63250551d0b229df927b4030f0dd209df0dea8b86a2f8
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2