formbook

General

Target

15012021567.exe
Size

782KB
Sample

210115-eavz3fhq7j
MD5

0377728dc176c34ec287a4ee6e1b6800
SHA1

e5d67a362ae9c51449000987f42882fba4d402df
SHA256

fb1b538251b7c9a011807fee199f1446b68c40e9caed0709389eac91e311bf1e
SHA512

3c8a2c442c16bdf1a540dec60305d7f663b444676d9fe5064ddae4ca5b0aeee41d111771ccae554cb70977ee8e066b6c21f0d32ed7ce765287d6a64896b4753b

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.southsideflooringcreations.com/dkk/

Decoy

goldenfarmm.com

miproper.com

theutahan.com

efeteenerji.com

wellfarehealth.com

setricoo.com

enjoyablephotobooths.com

semaindustrial.com

jennywet.com

jackhughesart.com

cantgetryte.com

searko.com

zxrxhuny.icu

exoticorganicwine.com

fordexplorerproblems.com

locationwebtv.net

elinvoimainenperhe.com

mundoclik.com

nouvellenormale.com

talasnakliyat.com

Targets

- Target
  
  15012021567.exe
- Size
  
  782KB
- MD5
  
  0377728dc176c34ec287a4ee6e1b6800
- SHA1
  
  e5d67a362ae9c51449000987f42882fba4d402df
- SHA256
  
  fb1b538251b7c9a011807fee199f1446b68c40e9caed0709389eac91e311bf1e
- SHA512
  
  3c8a2c442c16bdf1a540dec60305d7f663b444676d9fe5064ddae4ca5b0aeee41d111771ccae554cb70977ee8e066b6c21f0d32ed7ce765287d6a64896b4753b
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2