formbook | 6f6aa9aea231c8d01eddd78fa14d447202bb71c77512265ce9cc195c62ca1c65 | Triage

Sharing

General

Target

Invoice (3).exe
Size

674KB
Sample

210504-9bdayntwvj
MD5

9fe12cde3aa06a540dd00ef6b182c5d0
SHA1

5b71e9d19292cbd95d455ce778db5d5c86270ab0
SHA256

6f6aa9aea231c8d01eddd78fa14d447202bb71c77512265ce9cc195c62ca1c65
SHA512

b223de4772986e3c95c233d49711e538d566527ab7f8b2f0bdbcd75643587ddd6140815c29ff168ea4ab1bd8914053ea697913be81f4d7f37e5e3450a31be465

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.glittergalsboutique.com/8buc/

Decoy

affiliatetraining101.com

sun5new.com

localstuffunlimited.store

getmrn.com

nipandtucknurse.com

companycreater.com

painfullyperfect.com

3dmobilemammo.com

theredbeegroup.net

loochaan.com

alanoliveiramkt.com

lxwzsh.com

twobookramblers.com

cscardinalmalula.net

hanarzr.com

sabaicp.com

foodprocessmedia.com

tirongroup.com

dcentralizedcloud.com

xn--80abnkzb2a.xn--p1acf

Targets

- Target
  
  Invoice (3).exe
- Size
  
  674KB
- MD5
  
  9fe12cde3aa06a540dd00ef6b182c5d0
- SHA1
  
  5b71e9d19292cbd95d455ce778db5d5c86270ab0
- SHA256
  
  6f6aa9aea231c8d01eddd78fa14d447202bb71c77512265ce9cc195c62ca1c65
- SHA512
  
  b223de4772986e3c95c233d49711e538d566527ab7f8b2f0bdbcd75643587ddd6140815c29ff168ea4ab1bd8914053ea697913be81f4d7f37e5e3450a31be465
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan