formbook | 80513ce09728ee99387db56c825b6f2ec5ad274f5c90117d25ca822deeb98419 | Triage

Sharing

General

Target

INVOICE20210422990388921.exe
Size

927KB
Sample

210422-xemt79gx4s
MD5

0d1ba315df020e9a09a71fdfcc224e58
SHA1

28c5fcd5277f28e6dd902176fe5424253629a569
SHA256

80513ce09728ee99387db56c825b6f2ec5ad274f5c90117d25ca822deeb98419
SHA512

489793ddf48c2dde19a512c46fc38b5eed16e50ed7d55378635d62887fa5e1b1c38608d13c2903d1a4d3945d46009ad2334a73c56d56198d58ef20f9a45fda4a

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.merckcbd.com/dei5/

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

- Target
  
  INVOICE20210422990388921.exe
- Size
  
  927KB
- MD5
  
  0d1ba315df020e9a09a71fdfcc224e58
- SHA1
  
  28c5fcd5277f28e6dd902176fe5424253629a569
- SHA256
  
  80513ce09728ee99387db56c825b6f2ec5ad274f5c90117d25ca822deeb98419
- SHA512
  
  489793ddf48c2dde19a512c46fc38b5eed16e50ed7d55378635d62887fa5e1b1c38608d13c2903d1a4d3945d46009ad2334a73c56d56198d58ef20f9a45fda4a
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan