formbook

General

Target

Details here.exe
Size

1.2MB
Sample

210118-3l859bgpbx
MD5

a952c15d26e8b87cce83c842f9c56d71
SHA1

734fab89fedb57add80068bc56267512d717c189
SHA256

67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a
SHA512

2b433b9670d54b588cd1bd77e302ef6dea911bdb6eb5043653003b2ec30d005fb953c7ec844235203b56e22e3e26b60cadcea7662a9a73471441d64e01b8c696

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com

Targets

- Target
  
  Details here.exe
- Size
  
  1.2MB
- MD5
  
  a952c15d26e8b87cce83c842f9c56d71
- SHA1
  
  734fab89fedb57add80068bc56267512d717c189
- SHA256
  
  67710323c3dd7ba7cc04081512bdb304b4d7edd72975f2891c1f5893fdb75a8a
- SHA512
  
  2b433b9670d54b588cd1bd77e302ef6dea911bdb6eb5043653003b2ec30d005fb953c7ec844235203b56e22e3e26b60cadcea7662a9a73471441d64e01b8c696
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2