formbook

General

Target

2e2eba416b6ec3efaace0621e8e229d2.exe
Size

333KB
Sample

210420-8a6c3qb8b2
MD5

2e2eba416b6ec3efaace0621e8e229d2
SHA1

c638e91299adc8ff3e0e21120e9417feed819861
SHA256

398e6661f5ca757d0d7c777a0ed8ca1481b5c2df810008164e1f51deefc2ab48
SHA512

eae1ceb02e8130b507041125c589e4ab2beea7e110abd600029b8f2a42beb6e1c14f0b1c3c4d654d715cf0c4dfe838740a83a09df3d2abbf5b2bd7c919282201

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.stepsaudio.com/mjl/

Decoy

assetscheck.com

domauritius.com

therealnotary.com

xcusehrreje.com

modernhub.info

ckr7.com

umbracreations.net

dikanji.com

gaonwale.com

behind-the-pink-door.com

xn--4dbaigbvbe5b1a.net

cbcsnesscity.com

db-mktdigital.com

jackaldenryan.com

china-xinkai.com

856380511.xyz

sonoraquwat.com

chinaiess.com

blockchainisgreat.com

yax98.com

Targets

- Target
  
  2e2eba416b6ec3efaace0621e8e229d2.exe
- Size
  
  333KB
- MD5
  
  2e2eba416b6ec3efaace0621e8e229d2
- SHA1
  
  c638e91299adc8ff3e0e21120e9417feed819861
- SHA256
  
  398e6661f5ca757d0d7c777a0ed8ca1481b5c2df810008164e1f51deefc2ab48
- SHA512
  
  eae1ceb02e8130b507041125c589e4ab2beea7e110abd600029b8f2a42beb6e1c14f0b1c3c4d654d715cf0c4dfe838740a83a09df3d2abbf5b2bd7c919282201
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2