formbook

General

Target

TNT AWB TRACKING DETAILS.exe
Size

245KB
Sample

220125-rmt9nahbh8
MD5

2e906caf5e155d01f62a1246ac5b59d8
SHA1

ed84833e46816b8831be67a0003d8c5fc47b3cad
SHA256

5f3980e6686fe4d2dc41f24e42287d082cc894a57078e69e4a9554bec20ff5cc
SHA512

8f439da9c35ce7974ea2ccb3a47d372c88daf968fb9361536753ca0dc6982e55d2f82c176d32abeb3e91bbcce4c514965227c1740c3ca50df664177db748f25d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a34b

Decoy

mesonarte.com

eksiwakun9.xyz

dustcollectionconsultant.com

heliosarchitecture.com

chinaanalysisgroup.com

nimbinhillshemp.com

ychain.biz

mountshastaart.com

monstermangoloco.com

bodhiandbear.com

rootednft.xyz

metayema.com

zw21.xyz

criccketworld.com

segurobarato.net

ananyacap.com

momo-momo.xyz

ezrealestatedeals.com

ghrde.xyz

idimol.com

Targets

- Target
  
  TNT AWB TRACKING DETAILS.exe
- Size
  
  245KB
- MD5
  
  2e906caf5e155d01f62a1246ac5b59d8
- SHA1
  
  ed84833e46816b8831be67a0003d8c5fc47b3cad
- SHA256
  
  5f3980e6686fe4d2dc41f24e42287d082cc894a57078e69e4a9554bec20ff5cc
- SHA512
  
  8f439da9c35ce7974ea2ccb3a47d372c88daf968fb9361536753ca0dc6982e55d2f82c176d32abeb3e91bbcce4c514965227c1740c3ca50df664177db748f25d
Score

10^/10

formbook a34b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2