formbook

General

Target

mal.pif
Size

591KB
Sample

210722-2bczf9mp4n
MD5

b9bca038d7532ec8a1a9ba0e867061bc
SHA1

6596ac1216bf03d88482415755c499ed6388cab4
SHA256

24d91f6c3dcad36d65e45821d520aaabc2f4a87bb1ab512d6807377010d5680e
SHA512

861bfb748cd3060698d23e04e0b58d2e2eb12dedfbfdeeece6a5643bdeab9472bbe3f73d144e95fd78e8ee862ae3fde9385b11b2f35b0ea0c974326d70846e6d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.trendtechpros.com/sm3l/

Decoy

svp-india.com

feistyflowerfarmers.com

artprogressive.com

thedavidweaver.com

currentputative.life

bluedot3dwdbuy.com

xxxmeetme.com

signify2.com

converseshoes-canada.com

schemabuilder.net

crmcti.com

mctrh.com

ringroadpartners.com

stresslesspilates.com

directorytexas.xyz

sarahcarver.com

diigveda.com

lifeliveslive.com

inprize2020.club

sellerbantuan-bukalapak.com

Targets

- Target
  
  mal.pif
- Size
  
  591KB
- MD5
  
  b9bca038d7532ec8a1a9ba0e867061bc
- SHA1
  
  6596ac1216bf03d88482415755c499ed6388cab4
- SHA256
  
  24d91f6c3dcad36d65e45821d520aaabc2f4a87bb1ab512d6807377010d5680e
- SHA512
  
  861bfb748cd3060698d23e04e0b58d2e2eb12dedfbfdeeece6a5643bdeab9472bbe3f73d144e95fd78e8ee862ae3fde9385b11b2f35b0ea0c974326d70846e6d
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2