formbook

General

Target

PO210119.exe
Size

1.5MB
Sample

210119-wdghfmmxcx
MD5

b074bc8cc313c6fcafe448ae189de963
SHA1

427ad90e6f9e40c447a66dedb344c788764cbf92
SHA256

f6a1cf040ecee307e3e5289f73b27664e33db21aaac5142e89b2a956934ae0c9
SHA512

86067908dc9e432cb6362e1925d0aa5e57cde258d5c4dfb724a8e1dde9a273b1062e2a37d1ee82ea10ed08f7f20619ed96f5df6cad81c90d0757fd7d055b371a

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.midnightblueinc.com/2kf/

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

- Target
  
  PO210119.exe
- Size
  
  1.5MB
- MD5
  
  b074bc8cc313c6fcafe448ae189de963
- SHA1
  
  427ad90e6f9e40c447a66dedb344c788764cbf92
- SHA256
  
  f6a1cf040ecee307e3e5289f73b27664e33db21aaac5142e89b2a956934ae0c9
- SHA512
  
  86067908dc9e432cb6362e1925d0aa5e57cde258d5c4dfb724a8e1dde9a273b1062e2a37d1ee82ea10ed08f7f20619ed96f5df6cad81c90d0757fd7d055b371a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2