formbook

General

Target

Project review_Pdf.exe
Size

887KB
Sample

210112-r9xm3cm7ze
MD5

75cdd33d69536dd19e8d0d1bf70a6407
SHA1

5c15819e25ad22325097863803a639ab205d17e2
SHA256

cf63918e0cb789a778c7eac7c1b5d896db35caa3fa9fd179b95a4101f5856af7
SHA512

732a9f7d96fd1c3ed500bda65ae02a1a04c774d409d4dab853b1c10145af10c3a81691cecb085d4925ca0c596ce2a6892ba14291427128a21768f657066fe417

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.workonlinetimallen.com/dll/

Decoy

nyeconcreations.com

generar-k.com

refugiodelmate.com

elementclubhouse.com

freescorrs.xyz

tonesweettone.com

lojachicco.com

cyberxchange.net

strobelsolutions.com

tipsytravelerbar.com

shesheofnewyork.com

jdallmed.com

woefys.online

naviwatch.net

yuelvzuche.com

thehoneysuppliers.site

smokindeebflavors.com

preventvaccins.com

thepraisehouse.com

lgbtpridedirectory.com

Targets

- Target
  
  Project review_Pdf.exe
- Size
  
  887KB
- MD5
  
  75cdd33d69536dd19e8d0d1bf70a6407
- SHA1
  
  5c15819e25ad22325097863803a639ab205d17e2
- SHA256
  
  cf63918e0cb789a778c7eac7c1b5d896db35caa3fa9fd179b95a4101f5856af7
- SHA512
  
  732a9f7d96fd1c3ed500bda65ae02a1a04c774d409d4dab853b1c10145af10c3a81691cecb085d4925ca0c596ce2a6892ba14291427128a21768f657066fe417
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2