formbook

General

Target

c052190b60d83304962baa2f4381ee06.exe
Size

246KB
Sample

211015-wqwn4scadl
MD5

c052190b60d83304962baa2f4381ee06
SHA1

1b9be49206b5c9c88847ba83ff4971902ff033b9
SHA256

9f59a9c7a38d8031c5b0829da6c4c10951b1de67adada4f567449d4b6ea8d83c
SHA512

04d5f431c75292820305470e1dbc16f08b3644583a24ad8c92a8a66b91f622a12dc514eb55dda52aa34248cb92460f43c939dc2d40c50ebe96a8f7abac2ec26c

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nk6l

C2

http://www.rthearts.com/nk6l/

Decoy

cbnextra.com

entitysystemsinc.com

55midwoodave.com

ebelizzi.com

khojcity.com

1527brokenoakdrive.site

housinghproperties.com

ratiousa.com

lrcrepresentacoes.net

tocoec.net

khadamatdemnate.com

davidkastner.xyz

gardeniaresort.com

qiantangguoji.com

visaprepaidprocessinq.com

cristinamadara.com

semapisus.xyz

mpwebagency.net

alibabasdeli.com

gigasupplies.com

Targets

- Target
  
  c052190b60d83304962baa2f4381ee06.exe
- Size
  
  246KB
- MD5
  
  c052190b60d83304962baa2f4381ee06
- SHA1
  
  1b9be49206b5c9c88847ba83ff4971902ff033b9
- SHA256
  
  9f59a9c7a38d8031c5b0829da6c4c10951b1de67adada4f567449d4b6ea8d83c
- SHA512
  
  04d5f431c75292820305470e1dbc16f08b3644583a24ad8c92a8a66b91f622a12dc514eb55dda52aa34248cb92460f43c939dc2d40c50ebe96a8f7abac2ec26c
Score

10^/10

formbook nk6l rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2