formbook

General

Target

556791.msi
Size

252KB
Sample

210507-zrerlqwq52
MD5

04d6b8269105608ef9a560927dc3a9fa
SHA1

80f9a44457b63b766ce26acfb69676a402c2b838
SHA256

dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8
SHA512

5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.111bjs.com/ccr/

Decoy

abdullahlodhi.com

jevya.com

knoxvillerestaurant.com

mekarauroko7389.com

cricketspowder.net

johannchirinos.com

orangeorganical.com

libero-tt.com

lorenaegianluca.com

wintab.net

modernmillievintage.com

zgdqcyw.com

jeffabildgaardmd.com

nurulfikrimakassar.com

findyourchef.com

innovationsservicegroup.com

destek-taleplerimiz.com

whfqqco.icu

kosmetikmadeingermany.com

dieteticos.net

Targets

- Target
  
  556791.msi
- Size
  
  252KB
- MD5
  
  04d6b8269105608ef9a560927dc3a9fa
- SHA1
  
  80f9a44457b63b766ce26acfb69676a402c2b838
- SHA256
  
  dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8
- SHA512
  
  5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2