formbook

General

Target

Dekont.exe
Size

302KB
Sample

220125-rmtywshbh5
MD5

fb8596a40d08f57a5ec1e1abf81b440f
SHA1

5a9219dfff7ec0b32ecb8be445542e19b826774c
SHA256

8eaa17ae54b2e26d29ac40caf68baa9ebdf959ea40fb0a66d6317363c748679a
SHA512

eb88ccc25ecc94b78dd6e24396ce3c8f1d4e2b609615bddc5f45b5d901b1b48568576e1e88617dd363557ad2b811912d3ac7069b2da6df0a27f38cdccd8817e9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k12t

Decoy

alphasaludsas.com

route7adventures.com

zeenat.life

atendimento.center

alejandrojosueruizmazzeo.com

shopidentitymeisterdown.com

letseat.global

recettesbetty.com

neodrugtest.com

2eji5j.xyz

diversifyingawards.com

ptemeta.xyz

ivonelemos.com

051gg.com

michaelscomputerstore.com

warneattrinityclub.com

genesys-rdc.com

dcbest88.com

zdorovjaplus.com

laurelheap.com

Targets

- Target
  
  Dekont.exe
- Size
  
  302KB
- MD5
  
  fb8596a40d08f57a5ec1e1abf81b440f
- SHA1
  
  5a9219dfff7ec0b32ecb8be445542e19b826774c
- SHA256
  
  8eaa17ae54b2e26d29ac40caf68baa9ebdf959ea40fb0a66d6317363c748679a
- SHA512
  
  eb88ccc25ecc94b78dd6e24396ce3c8f1d4e2b609615bddc5f45b5d901b1b48568576e1e88617dd363557ad2b811912d3ac7069b2da6df0a27f38cdccd8817e9
Score

10^/10

formbook k12t rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2