formbook

General

Target

PL_106104.exe
Size

503KB
Sample

210510-ekdyysk6se
MD5

77f1784fa00332d5623aba88277eb8c1
SHA1

248f8ad49c0d3ef5ddbfaa5a8721aa4dc08acdf5
SHA256

7515beb02e1280d143b4716f8919e34fadfc7c806e5a354dc3dcd1dd3318882c
SHA512

28e6d83ed4f71557ad2d6a8c026d4ce57082cc95517aae0f7243aafc3edd5f1db70778a290b62f433fb4a5d31d3d8c9c8f119d45f9e01b8a0d6343e7a3e077c7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.cornerstonerecruitmentasia.com/nke/

Decoy

igroomed.com

teksoles.com

day7.today

workseap.com

arvinlapid.com

tigerk2.com

serenablackcreatives.com

ladyyougotballs.com

sahnakz.com

farmandranchexchange.com

sentinam.info

slapnmacs.com

healthygut365.com

maximepilorge.com

ishratsvalley.com

peridotalchemy.com

solevux.com

xn--vkc6b6baa6ac1jbwc6l.com

dailyruminant.com

loocalcryptos.com

Targets

- Target
  
  PL_106104.exe
- Size
  
  503KB
- MD5
  
  77f1784fa00332d5623aba88277eb8c1
- SHA1
  
  248f8ad49c0d3ef5ddbfaa5a8721aa4dc08acdf5
- SHA256
  
  7515beb02e1280d143b4716f8919e34fadfc7c806e5a354dc3dcd1dd3318882c
- SHA512
  
  28e6d83ed4f71557ad2d6a8c026d4ce57082cc95517aae0f7243aafc3edd5f1db70778a290b62f433fb4a5d31d3d8c9c8f119d45f9e01b8a0d6343e7a3e077c7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2