formbook

General

Target

power.ps1
Size

4KB
Sample

210118-sz7xvb2zfs
MD5

64d942a7c2e9dea577a1c062e6dc6bbd
SHA1

4b074b041c48ed8b4e1a175df1ff5dd5614d2c46
SHA256

7bec2a01478bd943f3752937e56ac6dcd8d4d702b2a7eb91dc97b531a732fa6d
SHA512

639cb9246fcda7046922a65408aa0fed462753398f24d030b5664f08bff27f3a0ba5e912568b6c78e7941633aa333b45296da3ff25e4f52a96c959bf016a6a71

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.groupoperationltd.com/mph/

Decoy

caravanmattressesforsale.com

romicalpk.com

procentrall.com

happyworkpro.com

barriobruja.com

olenfex.com

driftandcompile.com

heisen.club

materialmatch.online

maxmaldives.com

wzlxpscr.com

ytvksh.space

amonez.com

hatchmatchusa.com

mcfarlandfamilyevents.com

mcchoo.xyz

ravgugenheim.com

shapeshift.asia

defensebowl.store

styleliving.today

Targets

- Target
  
  power.ps1
- Size
  
  4KB
- MD5
  
  64d942a7c2e9dea577a1c062e6dc6bbd
- SHA1
  
  4b074b041c48ed8b4e1a175df1ff5dd5614d2c46
- SHA256
  
  7bec2a01478bd943f3752937e56ac6dcd8d4d702b2a7eb91dc97b531a732fa6d
- SHA512
  
  639cb9246fcda7046922a65408aa0fed462753398f24d030b5664f08bff27f3a0ba5e912568b6c78e7941633aa333b45296da3ff25e4f52a96c959bf016a6a71
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2