formbook | 780f32cb42bd11ab9ae87d365c55c098051dba2784921ab5f7f7fd7d4ebe0c26 | Triage

Sharing

General

Target

QUOTATION.exe
Size

508KB
Sample

220131-nq5m1shfd7
MD5

54cabe3124bae52f13dd9e772b6361e0
SHA1

8c80ce3af1573e5d48d536e112d5845aeee426f9
SHA256

780f32cb42bd11ab9ae87d365c55c098051dba2784921ab5f7f7fd7d4ebe0c26
SHA512

ac746875c4c919450c1955c8830d79585cd03ae87351064ab3453e549807c4e6abf9d4ae9ae383ed3a4b6062e172bfcf003966734f8c414fb00235e17539f39d

Score

10^/10

formbook n2t4 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n2t4

Decoy

livingthroughthechaos.net

videobuzzmedia.com

felineformulas.com

theorganicbees.com

bizoeflow.com

gtbcked.com

immortalapenft.com

pacherasrl.com

defunddrip.black

fromefarm.com

newmedicalnetwork.com

nikosblue.com

kaecfu.online

arcane-stylish.com

7ox.info

osamaabuzawayed.com

noemielatour.com

baccaratjava.com

latinfoodandwinefestival.com

magiclandstudios.com

Targets

- Target
  
  QUOTATION.exe
- Size
  
  508KB
- MD5
  
  54cabe3124bae52f13dd9e772b6361e0
- SHA1
  
  8c80ce3af1573e5d48d536e112d5845aeee426f9
- SHA256
  
  780f32cb42bd11ab9ae87d365c55c098051dba2784921ab5f7f7fd7d4ebe0c26
- SHA512
  
  ac746875c4c919450c1955c8830d79585cd03ae87351064ab3453e549807c4e6abf9d4ae9ae383ed3a4b6062e172bfcf003966734f8c414fb00235e17539f39d
Score

10^/10

formbook n2t4 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookn2t4ratspywarestealertrojan

behavioral2