formbook | b1f9b3ef3e6192490d6ff9f23f8b360edf2c5b7722a2ba843d1ece24c2f990ce | Triage

Sharing

General

Target

sample12345678.zip
Size

398KB
Sample

210420-56cmf7cn6a
MD5

dc59326f792e6e4009c04267705eff46
SHA1

15721184548bda3c016d38279006583b3515c8d9
SHA256

b1f9b3ef3e6192490d6ff9f23f8b360edf2c5b7722a2ba843d1ece24c2f990ce
SHA512

a3973af574081beea4eea70a6a82b392cf44a5700cb8811677231809127a1658a8b76c97dbbe0a3f89522b37e7e1d650ec745ddd683bd4cc80f05d673ec226fd

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.expensiveindia.com/ksb/

Decoy

rbscotl.net

mimascota10.com

ncylis.com

mariemdonacosmetics.com

elitecleaningnow.com

stockvisioner.com

whatsmodish.com

paghaze.com

weargoodsport.com

alesspace.com

rajputboarding.com

ctezna.site

athetheist.com

neurologistaandreialamberti.com

pindaz.com

ericsklavos.com

icare4me.com

xn--pypl-qoac.com

52swith.com

chetansenterprises.com

Targets

- Target
  
  Project 88399287990.exe
- Size
  
  622KB
- MD5
  
  3837485b707ee00ae594d8b339c56ece
- SHA1
  
  df8dab1ca8581cdf2c8de899d0d4a8df8ca8d24c
- SHA256
  
  71ef3a1c1b5deecad87d419dff14667503ffbfb7f5a16f5b53eda57ae33bde7b
- SHA512
  
  6a243b10b4e556d4cf6c95f5f7d534f0ec8bd32f6cb5c153abfbdf2dcaa04c6adcb122a42cccb882cee90c98b6d50fc04bb9355f0de7a82a27e615ae10c39ba6
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan