formbook

General

Target

Request for Quotation.exe
Size

500KB
Sample

210226-q82lpvw9cn
MD5

1d9fd84bc6eaa80b160bd313750f6ff5
SHA1

011e1975d6cb6a567ad3fed83d59310728bd9227
SHA256

1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20
SHA512

d66d0a83284f6f21e711c3d62bcd280042d6a50125dc410b4c79d6f6dba7be5b6bd628fb21e6491b2bb291770f6d1c3951257e948dcbbb587e397fc75296a8da

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.fptableau.com/u3q/

Decoy

wingenomics.com

malwaredeepdive.com

uvdxkup.icu

safeweb-url624.com

lighthousetan.com

liumeilin.com

thaiexpressnyc.com

primedperspective.com

georgekwalker.com

purelife-gt.com

theboseproject.com

moralalaska.icu

anthonysoflittleitaly.com

talahadavi.com

waterbrooksacademy.com

aluneaproaieauayauwpalaua.com

mytshirtforlife.com

penerbitlayung.com

chainslugs.com

bhbgsc.com

Targets

- Target
  
  Request for Quotation.exe
- Size
  
  500KB
- MD5
  
  1d9fd84bc6eaa80b160bd313750f6ff5
- SHA1
  
  011e1975d6cb6a567ad3fed83d59310728bd9227
- SHA256
  
  1df6109d033a42d97b34133e69afc0da679586b85b6614b034ebfd9343062d20
- SHA512
  
  d66d0a83284f6f21e711c3d62bcd280042d6a50125dc410b4c79d6f6dba7be5b6bd628fb21e6491b2bb291770f6d1c3951257e948dcbbb587e397fc75296a8da
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Beds Protector Packer

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2