formbook

General

Target

2.exe
Size

510KB
Sample

211022-k2nxvsbde7
MD5

831a54a05443e82a26a005ec26234144
SHA1

62c5e762a4daf6b70b0d56d8073f5fde4c178e8d
SHA256

7384abd36e0c316a0a343a943245ef61e6ecbcf6fe2aab10a8a0f2b72de7198d
SHA512

7208dd92027dc273a9d3249e0af4071a0980d233465be19d1546c613845292abe0a5c9119318e5b89c506b0614c8485dd779847db0db5d90b220f7febf4a9793

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m4bs

C2

http://www.bridgedai.com/m4bs/

Decoy

roofingmeetssolar.com

trefacs.info

jgmoamain.com

healthbenefitmanager.com

fasten-mit-diana.com

sijialutan.com

ouchsafety.net

mmcbrasil.com

rombachholdings.com

dksolutionsga.com

katherinewaltersconsulting.com

jfuejea.com

maintainarea.net

epilationnice.com

nightanddate.com

augustuslegacy.com

cricketaddicyor.com

norenasefamuf.rest

charlottesvilletowing.com

mortgagecreek.com

Targets

- Target
  
  2.exe
- Size
  
  510KB
- MD5
  
  831a54a05443e82a26a005ec26234144
- SHA1
  
  62c5e762a4daf6b70b0d56d8073f5fde4c178e8d
- SHA256
  
  7384abd36e0c316a0a343a943245ef61e6ecbcf6fe2aab10a8a0f2b72de7198d
- SHA512
  
  7208dd92027dc273a9d3249e0af4071a0980d233465be19d1546c613845292abe0a5c9119318e5b89c506b0614c8485dd779847db0db5d90b220f7febf4a9793
Score

10^/10

formbook m4bs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2