formbook | c3a69db8642855e1dfcbcb213f7f050c5fb2d86744183b13483411f97009c2a0 | Triage

Sharing

General

Target

PO-000202112.exe
Size

1.0MB
Sample

210113-qpr2ssfnns
MD5

673900f8da4aa24a77f61417d0273d85
SHA1

0d04e357ccb332b63b1a8d9d4e9f6b889c2f0b77
SHA256

c3a69db8642855e1dfcbcb213f7f050c5fb2d86744183b13483411f97009c2a0
SHA512

63c30b550f314620cdc961eb1dcb0c91e8f9b702aa722f34b0c81c308ac5f44ab9818bd12fb8e13aabc6ed3bab16b6df90b1727aed976fcf86ee4a0422adfde6

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.culturespk.com/kbl/

Decoy

flamesapp.com

ravenridgehoa.com

epraggma.com

stupidbooks.com

jointhesadls.com

estavisaapplication.com

12minhomebusiness.com

wwddww.com

stratusdetroitmail.com

storevanguard.com

cadeaux-et-gadgets.com

vbnfnleoba.club

ilikecircles.com

inspirednycharm.com

baizhongcai.com

medinius.info

call0815.com

vastu618.com

beautyshopin.com

looksplanet.com

Targets

- Target
  
  PO-000202112.exe
- Size
  
  1.0MB
- MD5
  
  673900f8da4aa24a77f61417d0273d85
- SHA1
  
  0d04e357ccb332b63b1a8d9d4e9f6b889c2f0b77
- SHA256
  
  c3a69db8642855e1dfcbcb213f7f050c5fb2d86744183b13483411f97009c2a0
- SHA512
  
  63c30b550f314620cdc961eb1dcb0c91e8f9b702aa722f34b0c81c308ac5f44ab9818bd12fb8e13aabc6ed3bab16b6df90b1727aed976fcf86ee4a0422adfde6
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan