formbook

General

Target

7f3fc7d086447a7e15e0d32bdd885cbc.exe
Size

270KB
Sample

210421-8mj4dh9m16
MD5

7f3fc7d086447a7e15e0d32bdd885cbc
SHA1

172a3f88a776b461b0e98f72b55b6a82dcf23f2d
SHA256

ce2ca323cae4838375c60305a3706e6828ab9fd8e30b65b1d0f4c87dbce0f29b
SHA512

0805830a0ad0f7beef0fa993a6a4ffee0fe27bda95e04009317b0779d8fba1b26b1bd48de64f0d682554c614c4df68b16b8af2d0c2e98099d3e15e29650b7554

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  7f3fc7d086447a7e15e0d32bdd885cbc.exe
- Size
  
  270KB
- MD5
  
  7f3fc7d086447a7e15e0d32bdd885cbc
- SHA1
  
  172a3f88a776b461b0e98f72b55b6a82dcf23f2d
- SHA256
  
  ce2ca323cae4838375c60305a3706e6828ab9fd8e30b65b1d0f4c87dbce0f29b
- SHA512
  
  0805830a0ad0f7beef0fa993a6a4ffee0fe27bda95e04009317b0779d8fba1b26b1bd48de64f0d682554c614c4df68b16b8af2d0c2e98099d3e15e29650b7554
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2