formbook

General

Target

SHIPPING INVOICE DOCUMENTS.exe
Size

853KB
Sample

210421-46japcfyha
MD5

04baf056bf4494fe6036d5be3a89c8f1
SHA1

a8bc3fa679c03f5889719f083c9f6e03d6b7eba1
SHA256

cf9638dcb0bcb52595ec1c4b79240f69536124fd85c9a07395dc563d19677a68
SHA512

1f228fe6f66ede703f764bfab3f28fd27610cd2c6a33f9509fa0d87384a101b7ed4fd3c8fe4b365cabd0486454b3bdd82631b49115679216d8686f49c185c747

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.onlytwod.xyz/htl/

Decoy

bankeveyone.com

dumbmask.info

otrazhenie.space

pindd2.com

176whalebeachroad.com

onebook.world

mymuslimlawyer.com

xkhfw.com

bensbbq5931.com

pirateequitypatrick.com

medwebconsult.com

dungeonrunarena.com

friendlyukes.club

17pk.world

srtravails.com

kai-arts.com

fyuvpn.com

floryi.com

festesni.com

assroyalty.club

Targets

- Target
  
  SHIPPING INVOICE DOCUMENTS.exe
- Size
  
  853KB
- MD5
  
  04baf056bf4494fe6036d5be3a89c8f1
- SHA1
  
  a8bc3fa679c03f5889719f083c9f6e03d6b7eba1
- SHA256
  
  cf9638dcb0bcb52595ec1c4b79240f69536124fd85c9a07395dc563d19677a68
- SHA512
  
  1f228fe6f66ede703f764bfab3f28fd27610cd2c6a33f9509fa0d87384a101b7ed4fd3c8fe4b365cabd0486454b3bdd82631b49115679216d8686f49c185c747
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2