formbook

General

Target

dd1b4545786b29ca6a8f193e48055d06.exe
Size

228KB
Sample

210505-tmprn2lefs
MD5

dd1b4545786b29ca6a8f193e48055d06
SHA1

292b3f6cdf438ff33667c4160be9016e32187af2
SHA256

f88dc07bd8d9ecaabaaad76a092029221077b4eba8d67714dc750b15a59d74f3
SHA512

74d06fe3bef055508c4a4233093989c573fc24f1761fc425a530678c78ba1988f38270190037479a396737e6f87461214f9a33c8b4cdd6bdc19de92a11e6e80c

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  dd1b4545786b29ca6a8f193e48055d06.exe
- Size
  
  228KB
- MD5
  
  dd1b4545786b29ca6a8f193e48055d06
- SHA1
  
  292b3f6cdf438ff33667c4160be9016e32187af2
- SHA256
  
  f88dc07bd8d9ecaabaaad76a092029221077b4eba8d67714dc750b15a59d74f3
- SHA512
  
  74d06fe3bef055508c4a4233093989c573fc24f1761fc425a530678c78ba1988f38270190037479a396737e6f87461214f9a33c8b4cdd6bdc19de92a11e6e80c
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2