formbook | 2f967ba6b8f8b67cb56aa7237623d87aa4949c95c5c2c685df2fd60d65df6b76 | Triage

Sharing

General

Target

2f967ba6b8f8b67cb56aa7237623d87aa4949c95c5c2c685df2fd60d65df6b76
Size

526KB
Sample

210209-lmw44tpnbj
MD5

7dd7acc128877f24038c4a19ff158700
SHA1

45c2ce810039dcadb6283e55a73ebbe818e63504
SHA256

2f967ba6b8f8b67cb56aa7237623d87aa4949c95c5c2c685df2fd60d65df6b76
SHA512

b3a53dfab0b53902660658c222bd91fb6730dd59689b1955cb6b6e6369a5aabd00bfa00beeba3727b6cecf64840acb4213e349c8f68ed625493bae23f7ea1bd5

Score

10^/10

formbook aspackv2 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.joomlas123.info/n7ak/

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  2f967ba6b8f8b67cb56aa7237623d87aa4949c95c5c2c685df2fd60d65df6b76
- Size
  
  526KB
- MD5
  
  7dd7acc128877f24038c4a19ff158700
- SHA1
  
  45c2ce810039dcadb6283e55a73ebbe818e63504
- SHA256
  
  2f967ba6b8f8b67cb56aa7237623d87aa4949c95c5c2c685df2fd60d65df6b76
- SHA512
  
  b3a53dfab0b53902660658c222bd91fb6730dd59689b1955cb6b6e6369a5aabd00bfa00beeba3727b6cecf64840acb4213e349c8f68ed625493bae23f7ea1bd5
Score

10^/10

formbook persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookpersistenceratspywarestealertrojan