formbook | b76cdf3f203937fdd5a57710faf9c4d78281f4b893e8caff17a5053bb741bffc | Triage

Sharing

General

Target

Confirmarea platii.Pdf.exe
Size

821KB
Sample

220129-kqgpeahbd6
MD5

c93940644125559a6aa5f89f532066b8
SHA1

9e80136c79abe4072b9629fb57f19c2692dc33a8
SHA256

b76cdf3f203937fdd5a57710faf9c4d78281f4b893e8caff17a5053bb741bffc
SHA512

2c5eee79d2b488cdf1ec10d0fe295dc87fcb3383665bd072174571cdc6feeb7531a329861eaabd9838799fca633203b5dc7d98a535123bd7a4ba458c5f42c0af

Score

10^/10

formbook d2g7 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d2g7

Decoy

inviteonlyme.com

noashopping.com

raysyoutube.com

chicagp.com

brnguatemala.com

speechboutique.com

philippinepodcastdirectory.com

konnecio.com

9q1ng6.icu

treez.info

appleiclou.com

pettras.com

txherz.icu

freearcae.com

mindpetalsoftwaresolutions.com

my-beautiful-switzerland.com

hpzebike.online

fadsekclub.xyz

newcastledhaka.com

varidsk.com

Targets

- Target
  
  Confirmarea platii.Pdf.exe
- Size
  
  821KB
- MD5
  
  c93940644125559a6aa5f89f532066b8
- SHA1
  
  9e80136c79abe4072b9629fb57f19c2692dc33a8
- SHA256
  
  b76cdf3f203937fdd5a57710faf9c4d78281f4b893e8caff17a5053bb741bffc
- SHA512
  
  2c5eee79d2b488cdf1ec10d0fe295dc87fcb3383665bd072174571cdc6feeb7531a329861eaabd9838799fca633203b5dc7d98a535123bd7a4ba458c5f42c0af
Score

10^/10

formbook d2g7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookd2g7ratspywarestealertrojan

behavioral2

formbookd2g7ratspywarestealertrojan