formbook

General

Target

swiftcopy.exe
Size

659KB
Sample

210227-2xvkg4qgla
MD5

58a31f7df6c75f13a2dfcbb4b75cdf5a
SHA1

5ea239556ec4d627ae9aa0d89eb2bb5a6d43fcb0
SHA256

6c8141b5a0c080453e977556384f927bc36d7bbab64f98c854a5cf2b6f085106
SHA512

99c23b6f9fa5d20d9d5a28a353056fb71d6cbfcef54d5243ba9c31bc6e4d02099b5d14538d8202da3ef9a5884f95cc615cdd20a6a3260bbf09a4d166e1f0f3bf

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.haxors-list.com/wo72/

Decoy

spiritualclothings.com

casalesandleasing.com

ys6-best.com

kaurmortgages.com

ktop10.com

designsbydevan.com

modelsch.com

airh20.com

meganepa-man.com

ellysprimerib.com

teapod.club

travelsjob.com

thefundraisingguru.com

crutoshare.com

royaltxsklusvboutique.com

wberr.net

neilwilloughby.com

meaninginmedia.com

specialtogo.com

ofyoursproducts.com

Targets

- Target
  
  swiftcopy.exe
- Size
  
  659KB
- MD5
  
  58a31f7df6c75f13a2dfcbb4b75cdf5a
- SHA1
  
  5ea239556ec4d627ae9aa0d89eb2bb5a6d43fcb0
- SHA256
  
  6c8141b5a0c080453e977556384f927bc36d7bbab64f98c854a5cf2b6f085106
- SHA512
  
  99c23b6f9fa5d20d9d5a28a353056fb71d6cbfcef54d5243ba9c31bc6e4d02099b5d14538d8202da3ef9a5884f95cc615cdd20a6a3260bbf09a4d166e1f0f3bf
Score

10^/10

formbook rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds policy Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2