formbook

General

Target

ETC-B72-LT-0149-03-AR.exe
Size

228KB
Sample

210502-p1qrnhvefe
MD5

dc27e4474182fe41de857278c2488574
SHA1

0b5b93dc9e3389de1a3d04c4d03fa5c0532aef1e
SHA256

facc651f7697bb357b528e0fdcbfcb0601abcaad0f2bd31eee54792aa8ee66e3
SHA512

9025ad32d289464770182ce597838a1a0c79aff8a337c0e9a3a5ecf4f7343f24029a7551c6a6559d36a6e4e624429241445984ef5e987c88952eb87529f01fed

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  ETC-B72-LT-0149-03-AR.exe
- Size
  
  228KB
- MD5
  
  dc27e4474182fe41de857278c2488574
- SHA1
  
  0b5b93dc9e3389de1a3d04c4d03fa5c0532aef1e
- SHA256
  
  facc651f7697bb357b528e0fdcbfcb0601abcaad0f2bd31eee54792aa8ee66e3
- SHA512
  
  9025ad32d289464770182ce597838a1a0c79aff8a337c0e9a3a5ecf4f7343f24029a7551c6a6559d36a6e4e624429241445984ef5e987c88952eb87529f01fed
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2