formbook

General

Target

Project Review_pdf.ace
Size

616KB
Sample

210113-lga5gc692x
MD5

b04c0aa206def29aef3cc83017dc57b8
SHA1

93535ae1bb09443b58ec072c39ee93ea56ddecb3
SHA256

8992acb9785fa3b6193a31207cdd573a3295f8ca0b4a2f4cb8ba214a469a0a3c
SHA512

f545b0c873fbe7330a25c0fcef05cd1b420e80885291128ad676f9eceebe51e050c8d916cc8a1f266cfc25fb70cc25c6f08381ddc98de80514d78153d06911fb

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.workonlinetimallen.com/dll/

Decoy

nyeconcreations.com

generar-k.com

refugiodelmate.com

elementclubhouse.com

freescorrs.xyz

tonesweettone.com

lojachicco.com

cyberxchange.net

strobelsolutions.com

tipsytravelerbar.com

shesheofnewyork.com

jdallmed.com

woefys.online

naviwatch.net

yuelvzuche.com

thehoneysuppliers.site

smokindeebflavors.com

preventvaccins.com

thepraisehouse.com

lgbtpridedirectory.com

Targets

- Target
  
  Project Review_pdf.exe
- Size
  
  913KB
- MD5
  
  508b7bca5b55eba939827fa59d25195c
- SHA1
  
  991fae86b65d9ae32f267d53c05d3b24248bd1ac
- SHA256
  
  28aad79081b924ce33128b96953771392acdd3881c2b21db53d1a0f8de83ec5b
- SHA512
  
  afbcad2c554c15b272b1ff5b4156f9bf360556d0faab9c4e4760195a8efd86b6942b0f6259df45e14932b812227cbaa74d1adc76f2c5c3765d038cf28d891958
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2