formbook

General

Target

89002.msi
Size

256KB
Sample

210430-lmqyjpqcra
MD5

a75dd7431fff6664e2a12263881315ef
SHA1

b28f29e87fe4b79bc87fe860d21a16780d31069c
SHA256

6120294360629da33cd6f897de16401325be12ae2cd9dcc03857de7e0b4f94e4
SHA512

dcef03d5e4678aa23d98284cc4c93d535885d6c6b3d2454f12803042393323275db7b32c0d7a553853fffba899d63a5d58fb92e75116d317533879fc28ebcc83

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.111bjs.com/ccr/

Decoy

abdullahlodhi.com

jevya.com

knoxvillerestaurant.com

mekarauroko7389.com

cricketspowder.net

johannchirinos.com

orangeorganical.com

libero-tt.com

lorenaegianluca.com

wintab.net

modernmillievintage.com

zgdqcyw.com

jeffabildgaardmd.com

nurulfikrimakassar.com

findyourchef.com

innovationsservicegroup.com

destek-taleplerimiz.com

whfqqco.icu

kosmetikmadeingermany.com

dieteticos.net

Targets

- Target
  
  89002.msi
- Size
  
  256KB
- MD5
  
  a75dd7431fff6664e2a12263881315ef
- SHA1
  
  b28f29e87fe4b79bc87fe860d21a16780d31069c
- SHA256
  
  6120294360629da33cd6f897de16401325be12ae2cd9dcc03857de7e0b4f94e4
- SHA512
  
  dcef03d5e4678aa23d98284cc4c93d535885d6c6b3d2454f12803042393323275db7b32c0d7a553853fffba899d63a5d58fb92e75116d317533879fc28ebcc83
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2