formbook

General

Target

CONTRACT AGREEMENT.exe
Size

922KB
Sample

210422-gbbwm59lae
MD5

8c4ef77f2188376d18585f302cf246f8
SHA1

dddb03519e45d1674c2c5c703113d63741c30c95
SHA256

c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
SHA512

e57624896f71e832353129a9de073673e211c0904fcd61d0172a08487582f0e649c831c1465e6837cb0a84580a721680a8553ad563d80f7c0123049deee1431a

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.middlehambooks.com/klf/

Decoy

podcastyourvote.com

northernlsx.com

guide4idiots.com

artebythesea.com

sapanyc.com

livinoutthedreamsco.com

thepowersinyou.com

protocolmodern.com

holdergear.com

betteringthehumanexperience.xyz

agnostec.com

royermaldonado.com

wealthtruckingco.com

artcode-software.com

microsoftpods.com

identityofplace.com

algoritas.com

grandpaurbanfarm.net

zahidibr.com

flawlessdrinking.com

Targets

- Target
  
  CONTRACT AGREEMENT.exe
- Size
  
  922KB
- MD5
  
  8c4ef77f2188376d18585f302cf246f8
- SHA1
  
  dddb03519e45d1674c2c5c703113d63741c30c95
- SHA256
  
  c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
- SHA512
  
  e57624896f71e832353129a9de073673e211c0904fcd61d0172a08487582f0e649c831c1465e6837cb0a84580a721680a8553ad563d80f7c0123049deee1431a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2