formbook

General

Target

SecuriteInfo.com.W32.Injector.AHL.genEldorado.26044.10817
Size

256KB
Sample

210503-dgkezfk1pa
MD5

209bb97a7d4d13ab2482bd82fd987b50
SHA1

55065471e78d7d34826e4df38f4538bb2c17a63a
SHA256

ee1e6c57be9de3dde5f374dd49232f23b3667b52fdf770649bbd27a1abceaa16
SHA512

de6bb5d78edf6a89c96d7a3af5ae679ce019ce2e737bdf13b81a0fdf00ddc1145022255d7bcb3b45b07112cf7e14cfabdf7effc7d54fdedc804251aec1e76e73

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.111bjs.com/ccr/

Decoy

abdullahlodhi.com

jevya.com

knoxvillerestaurant.com

mekarauroko7389.com

cricketspowder.net

johannchirinos.com

orangeorganical.com

libero-tt.com

lorenaegianluca.com

wintab.net

modernmillievintage.com

zgdqcyw.com

jeffabildgaardmd.com

nurulfikrimakassar.com

findyourchef.com

innovationsservicegroup.com

destek-taleplerimiz.com

whfqqco.icu

kosmetikmadeingermany.com

dieteticos.net

Targets

- Target
  
  SecuriteInfo.com.W32.Injector.AHL.genEldorado.26044.10817
- Size
  
  256KB
- MD5
  
  209bb97a7d4d13ab2482bd82fd987b50
- SHA1
  
  55065471e78d7d34826e4df38f4538bb2c17a63a
- SHA256
  
  ee1e6c57be9de3dde5f374dd49232f23b3667b52fdf770649bbd27a1abceaa16
- SHA512
  
  de6bb5d78edf6a89c96d7a3af5ae679ce019ce2e737bdf13b81a0fdf00ddc1145022255d7bcb3b45b07112cf7e14cfabdf7effc7d54fdedc804251aec1e76e73
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2