formbook

General

Target

PO2364#FD212002.exe
Size

1.0MB
Sample

210118-jdvam5q94n
MD5

c3298c6e18313176495e56d22f45518c
SHA1

42647e355a166c15df4a9e32ea967aa4d67a6ba2
SHA256

178ab8c2af1c8e5a0782d79d4910efc280b6fcd1213d84cf5899d28ba232bfaa
SHA512

07698e60d8f0f5c0f6a2e9a06795a0cc300df6f82d7a63a39b46854eaf7eb363a76d1952e234c380ad9af1a60cf831144c9e24ac0def85f98b46d86ba3b5e578

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.styrelseforum.com/p95n/

Decoy

kimberlyrutledge.com

auctus.agency

johnemotions.com

guilt-brilliant.com

wxshangdian.com

theolivetreeonline.com

stellarfranchisebrands.com

every1no1.com

hoangthanhgroup.com

psm-gen.com

kingdomwow.com

digitalksr.com

karynpolitoforlg.com

youthdaycalgary.com

libertyhandymanservicesllc.com

breatheohio.com

allenleather.com

transformafter50.info

hnhsylsb.com

hmtradebd.com

Targets

- Target
  
  PO2364#FD212002.exe
- Size
  
  1.0MB
- MD5
  
  c3298c6e18313176495e56d22f45518c
- SHA1
  
  42647e355a166c15df4a9e32ea967aa4d67a6ba2
- SHA256
  
  178ab8c2af1c8e5a0782d79d4910efc280b6fcd1213d84cf5899d28ba232bfaa
- SHA512
  
  07698e60d8f0f5c0f6a2e9a06795a0cc300df6f82d7a63a39b46854eaf7eb363a76d1952e234c380ad9af1a60cf831144c9e24ac0def85f98b46d86ba3b5e578
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2