formbook

General

Target

ORDER_LIST.exe
Size

1.1MB
Sample

210119-91zkkk8dtx
MD5

fa181a9414347d63137af021b2141cd6
SHA1

ccf670892b360b42fa7426de02a3e7629f333841
SHA256

3a04294c74c076d017ac8f59b506f735547d31472f7480cb6652dea5e3a2816c
SHA512

f2415e6563abfb25872b338edb2cc41a1f10a55cc6084c79c026dc4c1cec4bb952a36251b0f2bdde736d019805bfbf3d67f57e01b726d034cecb32984195e821

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.merckcbd.com/dei5/

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

- Target
  
  ORDER_LIST.exe
- Size
  
  1.1MB
- MD5
  
  fa181a9414347d63137af021b2141cd6
- SHA1
  
  ccf670892b360b42fa7426de02a3e7629f333841
- SHA256
  
  3a04294c74c076d017ac8f59b506f735547d31472f7480cb6652dea5e3a2816c
- SHA512
  
  f2415e6563abfb25872b338edb2cc41a1f10a55cc6084c79c026dc4c1cec4bb952a36251b0f2bdde736d019805bfbf3d67f57e01b726d034cecb32984195e821
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2