formbook | 87946dcd976eb13af37e24ff68e36a03d2f46a9ae474f336207cf03cbbb0b508 | Triage

Sharing

General

Target

Yeni siparis ekteki listede.exe
Size

962KB
Sample

210902-fp58f1cz7j
MD5

a7ab9ba241d1caa4b43ee261be601d2f
SHA1

ffb7515430b7f27b50e70a4f14f86e18f12f1983
SHA256

87946dcd976eb13af37e24ff68e36a03d2f46a9ae474f336207cf03cbbb0b508
SHA512

5f31695db32997f00c9a0740e139df94ab66db10f00f6231e3518f667285bb06072ce6fbcb5d4d1c6d448c56b4bec0409c91ac970c63244d81c7c860448e8fd0

Score

10^/10

formbook 3nop rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Yeni siparis ekteki listede.exe
- Size
  
  962KB
- MD5
  
  a7ab9ba241d1caa4b43ee261be601d2f
- SHA1
  
  ffb7515430b7f27b50e70a4f14f86e18f12f1983
- SHA256
  
  87946dcd976eb13af37e24ff68e36a03d2f46a9ae474f336207cf03cbbb0b508
- SHA512
  
  5f31695db32997f00c9a0740e139df94ab66db10f00f6231e3518f667285bb06072ce6fbcb5d4d1c6d448c56b4bec0409c91ac970c63244d81c7c860448e8fd0
Score

10^/10

formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

formbook3nopratspywarestealertrojan