formbook

General

Target

Mitsubishi Japan XN501.exe
Size

959KB
Sample

210115-cyfrhe4882
MD5

420a7a5ed66a75a7ede35f63cab3ab9c
SHA1

474b0ef1e7dab85ebd7296c408de13a18afd3870
SHA256

75f2a2a20e73b7e0c53d499b883a403c2b8cfbf17c5923d58e0167daa4c019c1
SHA512

cafe8be480487d71115512894798775d3eb4e3219f3e0d5395d5c6a098d51515fb85a1224c12ce22d0fb8bacc612d48fdc417fe077d4bfbbf35fd7f53c47df20

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.9dgevjb.net/gtl/

Decoy

45687g.net

graveimport.com

bulldogsgear.com

service-support.email

uhzcflg.icu

zebradefensefund.com

make10xhappen.com

ecotegral.online

stillatwink.site

onwardatlanta.com

real-optionstheory.com

madbearcustomwoodworking.com

adelinekaczmarek.com

elia-lca.com

tinykreations.com

rawlinsrealty.info

ubcholdings.com

searko.com

lepinedoree.com

fundsrecoveryexperts.com

Targets

- Target
  
  Mitsubishi Japan XN501.exe
- Size
  
  959KB
- MD5
  
  420a7a5ed66a75a7ede35f63cab3ab9c
- SHA1
  
  474b0ef1e7dab85ebd7296c408de13a18afd3870
- SHA256
  
  75f2a2a20e73b7e0c53d499b883a403c2b8cfbf17c5923d58e0167daa4c019c1
- SHA512
  
  cafe8be480487d71115512894798775d3eb4e3219f3e0d5395d5c6a098d51515fb85a1224c12ce22d0fb8bacc612d48fdc417fe077d4bfbbf35fd7f53c47df20
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2