formbook

General

Target

pio837exe.zip
Size

452KB
Sample

211123-s4j1padfg4
MD5

1ab54a9ac8566683d853778a28571dd3
SHA1

e14983769dab7e5b50c6e7ad6ecec5b1a388ee03
SHA256

d8e1c3964e6e666e3af6555c96b09ef437fb69455ed882a5b4d88ac81d375073
SHA512

74200a7d6eb05066efc7b1ddd2bb60caa89e3c6532b42b318a68c7d52a95eac38969e34ce943799535238cfed28df3c3bc1873cf510c9259a33225529d280265

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  cc8d06af3ce6c4557c64caaccfa9932f56bfc9d4118d57f6ce506019f3ed39e4.bin
- Size
  
  1.0MB
- MD5
  
  8a9b9387b7e538a769b997e9031b0932
- SHA1
  
  c9da2ee488bb13d838a61222e2bf4a95157aa7ee
- SHA256
  
  cc8d06af3ce6c4557c64caaccfa9932f56bfc9d4118d57f6ce506019f3ed39e4
- SHA512
  
  b696dbed435bedddadd101c6d7859dd797146a2ef245a36538b2ceecab77e4c14d417f0cc2ac8192608cb451385d3626ff319a43267ed3ec1acfcffa081d1bcf
Score

10^/10

formbook 3nop persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2