formbook

General

Target

ScamPMT.iso
Size

492KB
Sample

220126-kycenabea8
MD5

8107444e49ead1cb9779ae51f0d5e907
SHA1

36937e8ebc18223cd984ba6083f35ef25b213d10
SHA256

9c5c5add33d36c78246e241b7fbbace3e707968e015ee4dc333249f02ea102e1
SHA512

bed0efa62d2da1189d9d1992153a00e6e0a08581a27af6293eb9b6be4fda3edb30b804987a9e11704060212405328fd46792fb23693c97aaa42d98caaeebe050

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b3n1

Decoy

alexandragrows.com

shellload.com

stanleyrorke.com

glasurit.us

facebookismetaverse.com

astoundingaffairs.com

facom.us

dysonsaleoutlet.us

obtengaunitedhealthcare.com

sebastianroofrepairs.com

saltvent.com

littleonesclub.com

webamazoncardshopmail.xyz

lutam.xyz

myfirstpsgame.com

comline.cloud

valueinsightfororacle.com

congregacionansestral.com.co

paypal-uk.xyz

facebookversuzmeta.com

Targets

- Target
  
  ScamPMT.exe
- Size
  
  431KB
- MD5
  
  067e3e5b267e1c65a9e633ee3c3bd3d0
- SHA1
  
  3d0ef11080a29070a41f7b97c64cd04f45a147ee
- SHA256
  
  138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563
- SHA512
  
  4487df8a859d6f2b40be64a7e516c9135eb703ac03fe694c297a241c6b710a3b84face067f2faac566f44d35a77be377b455c29e317b45baa3b6769564c67588
Score

10^/10

formbook b3n1 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2