formbook

General

Target

SecuriteInfo.com.Gen.Variant.Androm.29.12612.8788
Size

252KB
Sample

210507-hqlacnl1ye
MD5

2a284fbd7e5e4f010e9322e93a238fde
SHA1

1d4621ba747111332fd2f8c9bae67c5c44fc768a
SHA256

c09b2348606b04620b185f4658474843eef3d9ec99ae70145a481b955d50aebf
SHA512

3707c20b942b05e6146f2d4ec20dcd28f73bbb9b5ff279bbc599cd5365c4940aefba2d619dd842b0a4b7a6df16a28536462630f7dbe6a82e4918123eaa40d1d7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.craftsman-vail.com/cca/

Decoy

whenpigsflyhigh.com

artistiklounge.com

tinytrendstique.com

projektpartner-ag.com

charvelevh.com

easycompliances.net

zengheqiye.com

professionalmallorca.com

bonzerstudio.com

nelivo.com

yangxeric.com

aredntech.com

twincitieshousingmarket.com

allshadesunscreen.com

xiang-life.net

qmcp00011.com

lindsayeandmarkv.com

fbcsbvsbvsjbvjs.com

saveonthrivelife.com

newdpo.com

Targets

- Target
  
  SecuriteInfo.com.Gen.Variant.Androm.29.12612.8788
- Size
  
  252KB
- MD5
  
  2a284fbd7e5e4f010e9322e93a238fde
- SHA1
  
  1d4621ba747111332fd2f8c9bae67c5c44fc768a
- SHA256
  
  c09b2348606b04620b185f4658474843eef3d9ec99ae70145a481b955d50aebf
- SHA512
  
  3707c20b942b05e6146f2d4ec20dcd28f73bbb9b5ff279bbc599cd5365c4940aefba2d619dd842b0a4b7a6df16a28536462630f7dbe6a82e4918123eaa40d1d7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2