formbook

General

Target

SecuriteInfo.com.Gen.Variant.Androm.29.12667.1300
Size

226KB
Sample

210511-racp9dthfs
MD5

3865c28dc1c2be2176865bdbee3aef15
SHA1

cf47737b8783d2aea099151e9de4d7e99c8d97b8
SHA256

47795e947ae1864d553396ae7b191c6c507f2e5e50ced435018906c43f2364e5
SHA512

98e8be25ad8008dbadff4ef983b921b670fac5db2de421ddc6423a366ee7f25ea9f0f1dc48fc5e4e5147ac65a90e59b7ccc73a564e5f7b0f813e3816bb7c6482

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

- Target
  
  SecuriteInfo.com.Gen.Variant.Androm.29.12667.1300
- Size
  
  226KB
- MD5
  
  3865c28dc1c2be2176865bdbee3aef15
- SHA1
  
  cf47737b8783d2aea099151e9de4d7e99c8d97b8
- SHA256
  
  47795e947ae1864d553396ae7b191c6c507f2e5e50ced435018906c43f2364e5
- SHA512
  
  98e8be25ad8008dbadff4ef983b921b670fac5db2de421ddc6423a366ee7f25ea9f0f1dc48fc5e4e5147ac65a90e59b7ccc73a564e5f7b0f813e3816bb7c6482
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2