formbook | 38eca2a25088bfa832212231f4c7c600a2dd215931824c55cb15e7478f7c8c15 | Triage

Sharing

General

Target

1fuKoR0haiNZQZy.exe
Size

491KB
Sample

210223-6f3kdlvtl6
MD5

cd93fbbaa838564b7cd7cfae170713b0
SHA1

d0d38719d7e8b68d320a8d78eada9c7cd66f296c
SHA256

38eca2a25088bfa832212231f4c7c600a2dd215931824c55cb15e7478f7c8c15
SHA512

422950d397132986e8d1e759a37103cac3df8757f0bb0c284a5a65fae11bbce57c99c8a7c888e22fc88c3511998f8b963278d494dba728b7213b7f8fee6cdc11

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.ncessity.com/awib/

Decoy

afrotl.com

highlandterracehome.com

bucklebelt.site

pipematch.com

babybkids.com

karpoforo.com

actforsea.com

kikizubrecords.com

mydibit.com

kdot.design

gerritsmontage.com

hurawn.com

judithtidwell.com

zoaies.com

ssboatzul.com

elevictory.com

data-4gviettel.club

znfyoug.icu

warnermusic.group

jxkuljhc.icu

Targets

- Target
  
  1fuKoR0haiNZQZy.exe
- Size
  
  491KB
- MD5
  
  cd93fbbaa838564b7cd7cfae170713b0
- SHA1
  
  d0d38719d7e8b68d320a8d78eada9c7cd66f296c
- SHA256
  
  38eca2a25088bfa832212231f4c7c600a2dd215931824c55cb15e7478f7c8c15
- SHA512
  
  422950d397132986e8d1e759a37103cac3df8757f0bb0c284a5a65fae11bbce57c99c8a7c888e22fc88c3511998f8b963278d494dba728b7213b7f8fee6cdc11
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan