Overview

overview

10

Static

static

1

11.exe

windows7_x64

10

11.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11.exe

  • Size

    234KB

  • Sample

    210420-sbj6p76lqs

  • MD5

    220dd8a37c0783d1e906525186ddc95c

  • SHA1

    0153efd575f5ce0afeb5e8e7f40b6d0e0967e456

  • SHA256

    7de63d57554daf81ef5bd3508fce96ae9d2eaae9bee30eb29d147095b3d9ea33

  • SHA512

    5fab23a422fb69d302d4c60cc347007dee423af00657386a3a232ab7faadd70903d11ef7b3cfc957bad431b519bf205e328427f67af3a4303e25c9f009f2c224

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.middlehambooks.com/klf/

Decoy

podcastyourvote.com

northernlsx.com

guide4idiots.com

artebythesea.com

sapanyc.com

livinoutthedreamsco.com

thepowersinyou.com

protocolmodern.com

holdergear.com

betteringthehumanexperience.xyz

agnostec.com

royermaldonado.com

wealthtruckingco.com

artcode-software.com

microsoftpods.com

identityofplace.com

algoritas.com

grandpaurbanfarm.net

zahidibr.com

flawlessdrinking.com

Targets

    • Target

      11.exe

    • Size

      234KB

    • MD5

      220dd8a37c0783d1e906525186ddc95c

    • SHA1

      0153efd575f5ce0afeb5e8e7f40b6d0e0967e456

    • SHA256

      7de63d57554daf81ef5bd3508fce96ae9d2eaae9bee30eb29d147095b3d9ea33

    • SHA512

      5fab23a422fb69d302d4c60cc347007dee423af00657386a3a232ab7faadd70903d11ef7b3cfc957bad431b519bf205e328427f67af3a4303e25c9f009f2c224

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks