formbook

General

Target

January RFQ..exe
Size

1.5MB
Sample

210119-lare7dybee
MD5

cc13b6f169803d95f021b0ae44ffe5cb
SHA1

fbe82085f8df30bd7968c54afcd583bcb9bdc8dc
SHA256

99a42bd8c8cfb6b3b69162c2f3f657b3b3972dd353338ff17accb1c9afcd5892
SHA512

df35b54a1833d848ba052fe6c389ad3e08ad3962f7d98f17858cf20afe92d499058f54efb7a7138f99b1abc9df9aecaa10bcbd18bb4112ad60eb093ad4caf1b0

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.tokomw.com/wt8z/

Decoy

blerdofmouth.com

talkheavy33.com

beautynewsreport.com

ashihun83.icu

fexkehv.icu

athe3bina.online

qkshu5.com

legendsfxmarketsreview.com

irisalerts.com

valkings.com

fullyplanted.com

jackmiramusic.com

stationcamphockey.com

ahlfb.com

detailsmatterinc.com

allenkohler.com

artefactoshop.com

quefarra.com

preloved.mobi

queenstyle.salon

Targets

- Target
  
  January RFQ..exe
- Size
  
  1.5MB
- MD5
  
  cc13b6f169803d95f021b0ae44ffe5cb
- SHA1
  
  fbe82085f8df30bd7968c54afcd583bcb9bdc8dc
- SHA256
  
  99a42bd8c8cfb6b3b69162c2f3f657b3b3972dd353338ff17accb1c9afcd5892
- SHA512
  
  df35b54a1833d848ba052fe6c389ad3e08ad3962f7d98f17858cf20afe92d499058f54efb7a7138f99b1abc9df9aecaa10bcbd18bb4112ad60eb093ad4caf1b0
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2