formbook | ec427d5a521cdc4f2690ac7ffa883c982c4e3008991127998b0cfdf32f240f30 | Triage

Sharing

General

Target

010013.exe
Size

587KB
Sample

211014-qd9gjsheh8
MD5

b670879d45e75eb7f88fe047f9e88e5f
SHA1

7497d669a327aebf33ec9dd1c554444d4ee826cf
SHA256

ec427d5a521cdc4f2690ac7ffa883c982c4e3008991127998b0cfdf32f240f30
SHA512

b3f60dc3e35babbce28cbbdb21e067dbdfa41b05ccfb35693bc4c84db90fe32551701924ede85517cd5676cca999a16d3bffc71175a97b1ea74ad41cfcc45839

Score

10^/10

formbook o4ms rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o4ms

C2

http://www.nocodehost.com/o4ms/

Decoy

fishingboatpub.com

trebor72.com

qualitycleanaustralia.com

amphilykenyx.com

jayte90.net

alveegrace.com

le-fleursoleil.com

volumoffer.com

businessbookwriters.com

alpin-art.com

firsttastetogo.com

catofc.com

ref-290.com

sbo2008.com

fortlauderdaleelevators.com

shanghaiyalian.com

majestybags.com

afcerd.com

myceliated.com

ls0a.com

Targets

- Target
  
  010013.exe
- Size
  
  587KB
- MD5
  
  b670879d45e75eb7f88fe047f9e88e5f
- SHA1
  
  7497d669a327aebf33ec9dd1c554444d4ee826cf
- SHA256
  
  ec427d5a521cdc4f2690ac7ffa883c982c4e3008991127998b0cfdf32f240f30
- SHA512
  
  b3f60dc3e35babbce28cbbdb21e067dbdfa41b05ccfb35693bc4c84db90fe32551701924ede85517cd5676cca999a16d3bffc71175a97b1ea74ad41cfcc45839
Score

10^/10

formbook o4ms rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooko4msratspywarestealertrojan

behavioral2

formbooko4msratspywarestealertrojan