formbook

General

Target

FORM.EXE
Size

934KB
Sample

210722-sk62nl3aes
MD5

bd472cf05ab7f61043a3035af93b4252
SHA1

0b1206c106583ea7c7ff9fb08ac0cf521e84526f
SHA256

c0f9927bbf25d29cc37936db7b00a09f94b23dcbec9103b77802891c49b9f4c3
SHA512

1f471469b87441968228af63bb8701b05eb5c94e7d6736ab24a3c68b5ff6f632bd04519ed0794cf3bd9317273db195544213bc43f139c24a5684ef4bd671c087

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.trendtechpros.com/sm3l/

Decoy

svp-india.com

feistyflowerfarmers.com

artprogressive.com

thedavidweaver.com

currentputative.life

bluedot3dwdbuy.com

xxxmeetme.com

signify2.com

converseshoes-canada.com

schemabuilder.net

crmcti.com

mctrh.com

ringroadpartners.com

stresslesspilates.com

directorytexas.xyz

sarahcarver.com

diigveda.com

lifeliveslive.com

inprize2020.club

sellerbantuan-bukalapak.com

Targets

- Target
  
  FORM.EXE
- Size
  
  934KB
- MD5
  
  bd472cf05ab7f61043a3035af93b4252
- SHA1
  
  0b1206c106583ea7c7ff9fb08ac0cf521e84526f
- SHA256
  
  c0f9927bbf25d29cc37936db7b00a09f94b23dcbec9103b77802891c49b9f4c3
- SHA512
  
  1f471469b87441968228af63bb8701b05eb5c94e7d6736ab24a3c68b5ff6f632bd04519ed0794cf3bd9317273db195544213bc43f139c24a5684ef4bd671c087
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2