formbook

General

Target

5A47B6ECD963805410D996573CA00DD0.msi
Size

256KB
Sample

210505-8wq9nr74es
MD5

5a47b6ecd963805410d996573ca00dd0
SHA1

2440e9a1a76573d9506b752d31b10a788d82b215
SHA256

cd5cf89c75b6639053a9f493d611b7b575c0ce09d5388a7fdb0e5e92ea05a3c2
SHA512

4e350b16e212435373343662d3b1636861f5fb704f7bc40e84b8c7cc47c2419c37edb6851da87482566a744f84f3e1459e60094971ee24ff2c4838d02b003cad

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.craftsman-vail.com/cca/

Decoy

whenpigsflyhigh.com

artistiklounge.com

tinytrendstique.com

projektpartner-ag.com

charvelevh.com

easycompliances.net

zengheqiye.com

professionalmallorca.com

bonzerstudio.com

nelivo.com

yangxeric.com

aredntech.com

twincitieshousingmarket.com

allshadesunscreen.com

xiang-life.net

qmcp00011.com

lindsayeandmarkv.com

fbcsbvsbvsjbvjs.com

saveonthrivelife.com

newdpo.com

Targets

- Target
  
  5A47B6ECD963805410D996573CA00DD0.msi
- Size
  
  256KB
- MD5
  
  5a47b6ecd963805410d996573ca00dd0
- SHA1
  
  2440e9a1a76573d9506b752d31b10a788d82b215
- SHA256
  
  cd5cf89c75b6639053a9f493d611b7b575c0ce09d5388a7fdb0e5e92ea05a3c2
- SHA512
  
  4e350b16e212435373343662d3b1636861f5fb704f7bc40e84b8c7cc47c2419c37edb6851da87482566a744f84f3e1459e60094971ee24ff2c4838d02b003cad
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2