formbook | 5965d771551e261280e191116d9ed9aeae23eefea54753f2a23792df5e315b02 | Triage

Sharing

General

Target

IMAGE-20210505-2001902818921.exe
Size

746KB
Sample

210505-8qnb7mzkee
MD5

ca14ee6f98ab550e2e1c44f533302d07
SHA1

66304f4bcc82214ee9cdcfee76f3769be868ddee
SHA256

5965d771551e261280e191116d9ed9aeae23eefea54753f2a23792df5e315b02
SHA512

93eb40379e3ade148bff54bda92c8cd70ad887354ccc5af322dc98cc0661de881e6f6353762dc44f92a35ab1c62b799294d9cf1aae85958c5fdb58d1cfac123c

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.merckcbd.com/dei5/

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

- Target
  
  IMAGE-20210505-2001902818921.exe
- Size
  
  746KB
- MD5
  
  ca14ee6f98ab550e2e1c44f533302d07
- SHA1
  
  66304f4bcc82214ee9cdcfee76f3769be868ddee
- SHA256
  
  5965d771551e261280e191116d9ed9aeae23eefea54753f2a23792df5e315b02
- SHA512
  
  93eb40379e3ade148bff54bda92c8cd70ad887354ccc5af322dc98cc0661de881e6f6353762dc44f92a35ab1c62b799294d9cf1aae85958c5fdb58d1cfac123c
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan