formbook | c1213a12b0b441fb0eb8b74740b243a3ac24b3685c02a62897761e78381f6141 | Triage

Sharing

General

Target

shipping document pdf.exe
Size

589KB
Sample

210430-h9gpvk395s
MD5

a944814a7834420e867e3aef8a6648e9
SHA1

bfb53e20b81e77a33934b48ea66f92b70c319c5c
SHA256

c1213a12b0b441fb0eb8b74740b243a3ac24b3685c02a62897761e78381f6141
SHA512

e842415ae625de9ab49fa514425964030e4ff2a2033843b496c7d6f15f907c89aaf82fb8f72f279cebd7e8173228b3ac56077dd46ed85314ea750ffd5070c62f

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.onlytwod.xyz/htl/

Decoy

bankeveyone.com

dumbmask.info

otrazhenie.space

pindd2.com

176whalebeachroad.com

onebook.world

mymuslimlawyer.com

xkhfw.com

bensbbq5931.com

pirateequitypatrick.com

medwebconsult.com

dungeonrunarena.com

friendlyukes.club

17pk.world

srtravails.com

kai-arts.com

fyuvpn.com

floryi.com

festesni.com

assroyalty.club

Targets

- Target
  
  shipping document pdf.exe
- Size
  
  589KB
- MD5
  
  a944814a7834420e867e3aef8a6648e9
- SHA1
  
  bfb53e20b81e77a33934b48ea66f92b70c319c5c
- SHA256
  
  c1213a12b0b441fb0eb8b74740b243a3ac24b3685c02a62897761e78381f6141
- SHA512
  
  e842415ae625de9ab49fa514425964030e4ff2a2033843b496c7d6f15f907c89aaf82fb8f72f279cebd7e8173228b3ac56077dd46ed85314ea750ffd5070c62f
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan