formbook

General

Target

PO_2022.zip
Size

1.1MB
Sample

220128-rc975aeeb2
MD5

d6781591bd0437e8443b52a660615d4e
SHA1

db30ead66123545dff9c6033055c5967bec5ac6d
SHA256

d3cc5286f50845f71f6ed6e400e90cbe47840b3939924c40424cadf3201524ad
SHA512

cde419702266d69a40d4e0fae9ce979bc6e3fa83a0479b4f16352d25e0c4b8d3ad43dda4560110930d6351eb4a8c306ab612b8fc0643846c3cc503d53ef03781

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1p5

Decoy

yannickrast.com

shitcoin.team

mysweetelissa.com

tpnfrgm2wrld.xyz

freeclothesonline.com

rhoads-music.com

tanglewoodrx.com

sharkeycustoms.com

bonin-island.com

apeutah.com

metacehennem.xyz

deutscheno1.com

e-gate-io.store

hometoto.xyz

jojomove.com

vzn2aai2qj.icu

couponcodes6.com

pbcgotv.com

metarealtyhome.com

geymall.com

Targets

- Target
  
  H4vBtZsi8xAKaMm.exe
- Size
  
  1.2MB
- MD5
  
  7eabab04e4a6fdd45238e32ed81e222c
- SHA1
  
  e0e1dc469746f5e2e049ea4a93d9b09a9227b342
- SHA256
  
  b79d2d02fe777cfd64723ad9b3935b30c00cbc75614fcadbf867cce88df4a8fd
- SHA512
  
  eeaa0f02a15a66b3363f94730ad3cf7c533a4bf303cfa0f53b21959a54dc0f65c50b1ac179aa5f992e3e17bbfaaa1b7393da3d1859ddd51932d36bdf0b7fa21b
Score

10^/10

formbook u1p5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2