formbook | b87631dd4125cdc5775d67fb2ec619c9772d47151d7196af7793cd10e8a377ab | Triage

Sharing

General

Target

PO.exe
Size

58.0MB
Sample

210510-vk1rttqd8a
MD5

39452d43693baa6d75c1a57e58186d8e
SHA1

55d035bb23f2b9581a791d841067a4169d4b2221
SHA256

b87631dd4125cdc5775d67fb2ec619c9772d47151d7196af7793cd10e8a377ab
SHA512

07dbb8b08d02a499f8b713519110b90856b5e63314c4790552186ff3f875575408f561cec8b36e4e5f5bf9654a1fd3a2e3ab832a3217f0e37a616654d3691d9e

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.monsunconsulting.com/gnf/

Decoy

phongthuythienan.website

andreaknightteacherauthor.com

lifeswatercolors.com

572215.com

kolm-polymers.com

turkishmarket.guru

jonnybravoarmory.com

wedatseasonings.com

worstdread.com

arisealf.com

gpsemployerservices.com

glorybit.com

purposeprowrestling.com

funlifecycle.com

bprattservices.com

pumpkinpundit.com

kustomhydraulics.com

accounteyei.com

visionagny.com

iddomum.com

Targets

- Target
  
  PO.exe
- Size
  
  58.0MB
- MD5
  
  39452d43693baa6d75c1a57e58186d8e
- SHA1
  
  55d035bb23f2b9581a791d841067a4169d4b2221
- SHA256
  
  b87631dd4125cdc5775d67fb2ec619c9772d47151d7196af7793cd10e8a377ab
- SHA512
  
  07dbb8b08d02a499f8b713519110b90856b5e63314c4790552186ff3f875575408f561cec8b36e4e5f5bf9654a1fd3a2e3ab832a3217f0e37a616654d3691d9e
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan