formbook

General

Target

Requirement of Sonic Tube 50 mm.exe
Size

299KB
Sample

210226-lq27gb2g3a
MD5

5e51248701b8a456d39854abfe287c86
SHA1

e4c46f8e5d7eceeaab88591c75fb55c8c52b963c
SHA256

c1a40dbca9d28ac760447f501d812b82312be281ee699fdcc4a6a543077caa3d
SHA512

f122ce0ee0daa496fc5714f8e7f0cdffa590877e16a3aba4980afbf9007942264b0ca71de16af81a188e089ffcb39f1ffaf75d0b635ac1b662ff424661f297ee

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.fun4gang.xyz/thg/

Decoy

retrospectphotographydesign.com

jafodraws.com

cigiwie.space

upgradecarehealth.com

12ts.xyz

111indianbend.com

qqchbakery.com

0831xx.com

supecret.com

ayfadopple.com

coldwateradvisors.com

forexgiftcard.com

actionconsultingchile.com

mpsconcrete.net

carmallc.com

b167888.com

simonking.xyz

elitedigitalperformance.com

essentialjanitorialservices.com

barcosocasionberga.com

Targets

- Target
  
  Requirement of Sonic Tube 50 mm.exe
- Size
  
  299KB
- MD5
  
  5e51248701b8a456d39854abfe287c86
- SHA1
  
  e4c46f8e5d7eceeaab88591c75fb55c8c52b963c
- SHA256
  
  c1a40dbca9d28ac760447f501d812b82312be281ee699fdcc4a6a543077caa3d
- SHA512
  
  f122ce0ee0daa496fc5714f8e7f0cdffa590877e16a3aba4980afbf9007942264b0ca71de16af81a188e089ffcb39f1ffaf75d0b635ac1b662ff424661f297ee
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2