formbook | bdfb763b51cd4a618ad0d10388f1f478d1acddc7917891a990e8f390c9319b76 | Triage

Sharing

General

Target

CC2107139144.exe
Size

856KB
Sample

220125-l3yzwsdgf8
MD5

51beaa7443a361691a0cbef6e56d890b
SHA1

5a851452118c729d94b99f83c85cd819f5f96de6
SHA256

bdfb763b51cd4a618ad0d10388f1f478d1acddc7917891a990e8f390c9319b76
SHA512

2f41652699b858e31182ad7c14593034c75c78929ce24ab1ec65cf62f800cc04e0c64acc08a3e4c3d28d5d38769a829d38ce4fa684ed89f384ca663bb1b4a440

Score

10^/10

formbook v32s rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v32s

Decoy

water-hada-utsukushii.xyz

9v6v.com

rechtsanwalt-trnka.com

lets-eat-healthy.com

vannyscreamycreations.com

cosy-bamboo.com

leedexamtraining.com

lilbusinessowner.com

cncvietnam.net

gpsplayback.com

aroidaddictfl.com

patienpower.info

777londonescorts.com

whrpky078.xyz

yqamuh.com

virtualft.com

fanfanway.com

56789r.com

926397.com

kp-crane.com

Targets

- Target
  
  CC2107139144.exe
- Size
  
  856KB
- MD5
  
  51beaa7443a361691a0cbef6e56d890b
- SHA1
  
  5a851452118c729d94b99f83c85cd819f5f96de6
- SHA256
  
  bdfb763b51cd4a618ad0d10388f1f478d1acddc7917891a990e8f390c9319b76
- SHA512
  
  2f41652699b858e31182ad7c14593034c75c78929ce24ab1ec65cf62f800cc04e0c64acc08a3e4c3d28d5d38769a829d38ce4fa684ed89f384ca663bb1b4a440
Score

10^/10

formbook v32s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookv32sratspywarestealertrojan

behavioral2

formbookv32sratspywarestealertrojan