formbook | ba06bef45227ff0ac912a66434014b848348f6be9780e8d86de0ffcc8c5c2c12 | Triage

Sharing

General

Target

4.exe
Size

643KB
Sample

210423-gfbfrqlgaa
MD5

9c8c50b10343843f860fff79ac4511af
SHA1

c6f52f87914312e817655fc0492815b86d053e90
SHA256

ba06bef45227ff0ac912a66434014b848348f6be9780e8d86de0ffcc8c5c2c12
SHA512

9e6380d41e80a312f2f0e0b588381e57519b50203e436587ab936344787cb54aac7b85c739e048996d729ecc297d6e09ec4a72a7a7e948d554d131ef9647c350

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.ostecosarcomamd.com/gmn/

Decoy

phulieutockemnghiaanhtuyet.com

shortbarrelspirits.com

livestreamreport.com

shopthemuze.com

fmtourist.com

competitionlaw.info

saint-elmos.club

foxcar.net

automatedwoodworks.com

abenillc.net

sfccservices.com

vegeteur.com

bitinnovo.com

in-home-theater.com

yakinikugenki.com

zeednee.com

hospiceinpomona.com

techservicesreviews.com

silkandhoney.store

sport-stars.online

Targets

- Target
  
  4.exe
- Size
  
  643KB
- MD5
  
  9c8c50b10343843f860fff79ac4511af
- SHA1
  
  c6f52f87914312e817655fc0492815b86d053e90
- SHA256
  
  ba06bef45227ff0ac912a66434014b848348f6be9780e8d86de0ffcc8c5c2c12
- SHA512
  
  9e6380d41e80a312f2f0e0b588381e57519b50203e436587ab936344787cb54aac7b85c739e048996d729ecc297d6e09ec4a72a7a7e948d554d131ef9647c350
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan