formbook

General

Target

SWIT BANK PAPER PAYMENT.r00
Size

214KB
Sample

210503-kyl7kz3f5a
MD5

85f438d998369541669209b987f0985c
SHA1

8f8b65378bc374f0a388ca5a058d529e656b2bd2
SHA256

5f98e18c91045da2be067a8769817a55f3200324ae7535229fa83e7b67616c54
SHA512

589916ed4ab3f0750f17112c697d5e4eb332ee54955cb8b3aeecc3791e88a6c14b1acb3f13d757ceb8989c3eb631b139d71111ae6a695bedf42e843c9d2fd120

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy

anemone-vintage.com

ironcitytools.com

joshandmatthew.com

breathtakingscenery.photos

karabakh-terror.com

micahelgall.com

entretiendesterrasses.com

mhgholdings.com

blewm.com

sidewalknotary.com

ytrs-elec.com

danhpham.com

ma21cle2henz.xyz

lotusforlease.com

shipleyphotoandfilm.com

bulktool.xyz

ouedzmala.com

yichengvpr.com

connectmygames.com

chjcsc.com

Targets

- Target
  
  SWIT BANK PAPER PAYMENT.exe
- Size
  
  229KB
- MD5
  
  8f885ac76bebc591a72f73eb3deb3d73
- SHA1
  
  82af5568c6ed1af66f1f69616fc836e4c31cabb0
- SHA256
  
  7f81bdd235dca279812a46cec7f585bde9d681906dba1398e8ac86dfc877d079
- SHA512
  
  fb942be934ac962294c6534441c971e491f33f9d72c97f7f533edcb94e531ab675748e7775a663f133e20b3997f34e135ed663957cb8bb9ea7543fd2d2fb9d00
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2