formbook | 199e6cb2e7f907f2f9ff30a25edb130dd330a44fdd6873c83abd4731e2d5f262 | Triage

Sharing

General

Target

RFQ-2176 NEW PROJECT QUOTATION MAY.cab
Size

609KB
Sample

210507-tyb34gby6s
MD5

069f4f64184f2de8ea2b59c8599e723a
SHA1

907048c49433bce35dc436aa534125b93987b1e1
SHA256

199e6cb2e7f907f2f9ff30a25edb130dd330a44fdd6873c83abd4731e2d5f262
SHA512

f0e21335f833ed12e60effa9bfcd06c6733a22cfb634461a86aa08cbfd743ccebe970a16ab133ca33c9e107541c557b819e16c9bb8a6bd99012cc7ff5cd454bc

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.royalelectricvehicle.com/m8uk/

Decoy

blackcountryteshirts.com

pioneergeoscience.com

calacciwedding.com

theelegantdoorbow.com

graciosera.com

kwikversity.com

izita.xyz

drivewiththebest.co.uk

kakback.xyz

sachascott.net

lifeenterprisesystems.com

interimgirl.com

myviralplatform.com

spainmatrimony.com

supergenx.com

leglehla.icu

otlhswdok.icu

1stfdsqnre.com

xxxcentral.net

movimentare.com

Targets

- Target
  
  RFQ-2176 NEW PROJECT QUOTATION MAY.exe
- Size
  
  664KB
- MD5
  
  e635ebf84417ed9ed97d4516de0cdaba
- SHA1
  
  33716297dd627e23010332c9fefd443447aeb47b
- SHA256
  
  cb0386454b283917d742dc6833ef4d7f5aaeeb5cd92acf9d54bb495752cdcda6
- SHA512
  
  e8ceacf9fcb559776237ba2de9518ee557ba8a073820403d59fa1f592c5047d349897003b304f3ee53c075413d7eebbd3a5c962dcf1b3d71f14c642fd4f8c5da
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan