formbook

General

Target

9ec6e392fa3c0d697dcf073de9488ff2.exe
Size

234KB
Sample

210420-db5pa9a3j6
MD5

9ec6e392fa3c0d697dcf073de9488ff2
SHA1

ef0e366f046f8edf28771ad6727fe6e7f0063ae6
SHA256

6f4fbab85c58d588450bc856ceff3894645e0033b4c4d2684184a8430c01daa4
SHA512

b4be3f3fc3a16ac01b89e61c1083deb77c3cd1281c188b6156fd59a4b8ad5f3cab6f8087c056811c38fa4f322ab9d6dc5209f73c52cb3e19ac60358a972eedaa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  9ec6e392fa3c0d697dcf073de9488ff2.exe
- Size
  
  234KB
- MD5
  
  9ec6e392fa3c0d697dcf073de9488ff2
- SHA1
  
  ef0e366f046f8edf28771ad6727fe6e7f0063ae6
- SHA256
  
  6f4fbab85c58d588450bc856ceff3894645e0033b4c4d2684184a8430c01daa4
- SHA512
  
  b4be3f3fc3a16ac01b89e61c1083deb77c3cd1281c188b6156fd59a4b8ad5f3cab6f8087c056811c38fa4f322ab9d6dc5209f73c52cb3e19ac60358a972eedaa
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2