formbook | 260efa00c07e74c629b2284ee64bbc42df7c4bb55d43a4988b72ccd05beae0f0 | Triage

Sharing

General

Target

Ð¾Ð±Ñ_Ð°Ð·Ñ†Ñ‹ Ð¿Ñ_Ð¾Ð´ÑƒÐºÑ†Ð¸Ð¸ Ð·Ð°ÐºÐ°Ð·Ð°Ñ‚ÑŒ pdf.exe.xz
Size

506KB
Sample

210831-22ck469twa
MD5

a4e1f1b0d1faeb17dea3f830a64b917d
SHA1

1001ef2f46a1d6612820417e91c9529f160b072f
SHA256

260efa00c07e74c629b2284ee64bbc42df7c4bb55d43a4988b72ccd05beae0f0
SHA512

aaa98be59d178fbbc556b34b6e354e91d1baaecadc72eeece91861248da88d7528bfb80fd0516f3c33ad34bbb80fabe9da1ad2488697076182ffe6629584050c

Score

10^/10

formbook n7ak rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

C2

http://www.kmresults.com/n7ak/

Decoy

modischoolcbse.com

theneverwinter.com

rszkjx-vps-hosting.website

fnihil.com

1pbet.com

nnowzscorrez.com

uaotgvjl.icu

starmapsqatar.com

ekisilani.com

extradeepsheets.com

jam-nins.com

buranly.com

orixentertainment.com

rawtech.energy

myol.guru

utex.club

jiapie.com

wowig.store

wweidlyyl.com

systaskautomation.com

Targets

- Target
  
  Ð¾Ð±Ñ_Ð°Ð·Ñ†Ñ‹ Ð¿Ñ_Ð¾Ð´ÑƒÐºÑ†Ð¸Ð¸ Ð·Ð°ÐºÐ°Ð·Ð°Ñ‚ÑŒ pdf.exe
- Size
  
  559KB
- MD5
  
  f750108de86e79c14390ac0661a67b87
- SHA1
  
  d83e517431a18b4fbe0d477ec980e08b3d57bf1c
- SHA256
  
  de73d97fc56e19954fbec37b94bc65014305cc288b71ae6889bf37ac193c0333
- SHA512
  
  f0b2a919ae68a1aab25901662d5a240620030093f87c3e7e3262822c5b085b88d9039cb594ff7c94e38072c4803b0b3beff5f15e651cd92824752df27820d761
Score

10^/10

formbook n7ak rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookn7akratspywarestealertrojan

behavioral2

formbookn7akratspywarestealertrojan