formbook

General

Target

Yeni Satin Alma Siparisi ektedir.zip
Size

366KB
Sample

210911-th7qasbed4
MD5

bfdd0051da9ab1d475b8624f861881d3
SHA1

3ab15ef44de0c235ab06d1811eadd4bd43fcd08c
SHA256

8b516901a17ec32794de8c3577cba8cdcc9e85577a5d2e8a244cd202b5b01cc7
SHA512

9061b2e572ba3bf5bb9d1c69672100cea8c7ffd7a1cb8a735f5049998e891f38be7805928364f2a5d9ca96c8647cde45fa2f3861c56a8e8b23876e7e8498ba33

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Bdcuhmcgbsvmxhmuasrulqqnfbjdnogomk.exe
- Size
  
  814KB
- MD5
  
  717297fec68e9172593a36a67549619f
- SHA1
  
  73e8625983cb413b91b608db347177584c680a22
- SHA256
  
  4d80ab79360b092bb5d8fa41d14388dffe5ef42839b6dbbf741f0ce5c3424d1e
- SHA512
  
  3f363a8b8971d843f7c158b3dc76de854895a76fe0e4a6dbb6b40b650d0cec760bea15179128e52fed044e2cee6964f2b70db5abf253e873feb327d6b99ba7df
Score

10^/10

formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2