formbook

General

Target

PI_JAN9071011998_BARYSLpdf.exe
Size

941KB
Sample

210115-byl946trte
MD5

31dddef6168b1d0e0f731f01eca9ea58
SHA1

bd1e997473e71ae2e8021298149b692cb84aab54
SHA256

7a47a855968f4e82d6cc2d35186d2d56468701bc5587cc87f82a847bd2c45ae5
SHA512

de6ceb15b960f8b6ab95438b04495974c200086447b4b4d91401af936105a2bf66888913e16ba1ffb7a171aa1de0a7fabb6f02979362a3bef978f011571b8ebb

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.thedilleyo.com/kb8/

Decoy

goodsforbuilders.com

dafuhe.com

parapharmacity.com

montclairymcamotionvibe.com

jamesmccloudart.com

reignfallentertainment.com

couplesforequality.com

pitchbop.com

minipresspaperco.com

venoam.com

so-paradise.com

surgeryprovider.com

donaldscareers.com

disney-funlife.com

biosolo.net

themodsmith.net

grandhawaiian.com

11mountains.com

immatesearch.com

stochastichq.com

Targets

- Target
  
  PI_JAN9071011998_BARYSLpdf.exe
- Size
  
  941KB
- MD5
  
  31dddef6168b1d0e0f731f01eca9ea58
- SHA1
  
  bd1e997473e71ae2e8021298149b692cb84aab54
- SHA256
  
  7a47a855968f4e82d6cc2d35186d2d56468701bc5587cc87f82a847bd2c45ae5
- SHA512
  
  de6ceb15b960f8b6ab95438b04495974c200086447b4b4d91401af936105a2bf66888913e16ba1ffb7a171aa1de0a7fabb6f02979362a3bef978f011571b8ebb
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2