formbook | 2ab4dc35e47019378cb6acc7be371790eba069b80e8439df9c292cecf62364f0 | Triage

Sharing

General

Target

4776360031715328.zip
Size

13KB
Sample

210722-dj7r7djagn
MD5

ceb80a7ca4fd54be2c8c0100e1b6d4f9
SHA1

7b2768409e7cab07b639b68c7072d73662d289cf
SHA256

2ab4dc35e47019378cb6acc7be371790eba069b80e8439df9c292cecf62364f0
SHA512

2cade31a1840392fd305797c0475ea1f315c03d018f2b6b00431e0ab200514047373ec4aa614772120f6d7c0693b3845a0537833c327759ab074680807f07e8e

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.containerflippers.com/np0c/

Decoy

spartansurebets.com

threelakestradingco.com

metaspace.global

zjenbao.com

directlyincluded.press

peterchadri.com

learnhousebreaking.com

wonobattle.online

leadate.com

shebafarmscali.com

top4thejob.online

awakeyourfaith.com

bedford-st.com

lolwhats.com

cucurumbel.com

lokalbazaar.com

matter.pro

eastcountyanimalrescue.com

musesgirl.com

noordinarydairy.com

Targets

- Target
  
  8c4b07ce49252a4ed12ad611a9f8fde65a63fc12368c6726776e86e140d3872e
- Size
  
  49KB
- MD5
  
  1e7bc879d7960afaa08148c635ae534f
- SHA1
  
  e1a0db056bdc1cba07ef43c27a80e5bfd79b4eac
- SHA256
  
  8c4b07ce49252a4ed12ad611a9f8fde65a63fc12368c6726776e86e140d3872e
- SHA512
  
  87305e45665309e3e6de38aae33a61481445257cbef1f4ce268db0223481bb6b0acaed8d81aafee00a43d53b0278fd27a2fcd34ef51b670ca86c34108ea49366
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2