formbook

General

Target

202139769574 Shipping Documents.r11
Size

214KB
Sample

210504-zevm7nqevs
MD5

c509b6a808c193e10da64c8835361080
SHA1

bc20b979b8d1e77d39389b5b9786a97bc76d1ac7
SHA256

5b37a66d9c4dce04b671f22c0746f1472e9dc089972e4b0c949d3884bfcb2b66
SHA512

57ad97d6015929d3eaf39dd0c7d75264084a8e76d7bae7c54801245a54676f10ad8901e334c2d4f97aa71981502eb2c55f4730201549fa6b7750d962717c8c6e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy

anemone-vintage.com

ironcitytools.com

joshandmatthew.com

breathtakingscenery.photos

karabakh-terror.com

micahelgall.com

entretiendesterrasses.com

mhgholdings.com

blewm.com

sidewalknotary.com

ytrs-elec.com

danhpham.com

ma21cle2henz.xyz

lotusforlease.com

shipleyphotoandfilm.com

bulktool.xyz

ouedzmala.com

yichengvpr.com

connectmygames.com

chjcsc.com

Targets

- Target
  
  202139769574 Shipping Documents.exe
- Size
  
  229KB
- MD5
  
  eee5f618718bc8237bb9c7a48154cf1a
- SHA1
  
  84dc873f65dc9e86978944d1adddb762efcf2631
- SHA256
  
  cc7b066e0fa912d406c27790458ad6feb171b27275b6e3fe46b7a7574da7bfce
- SHA512
  
  8f49fab9642c63814bc77ff302d05719d92404fe38bd220060a161c51b3f6f129bd5c4b2a4b3a2e1e239488e31f157f32b772505f8501003682cc9904d205c57
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2