formbook

General

Target

new_po_098847excel.exe
Size

608KB
Sample

220131-qzgnnahha3
MD5

941bf5aee26ff5069ee30be727d3371b
SHA1

1fd3ef2cd0294bd0c9d00d6221da50e3015111c3
SHA256

0daa09469850448a4e784e04448e25ebd6e7bdc26d61e0017a3ae602025da1bb
SHA512

01d47239d868d7075235fc6d91e2e987dc476b32923f729f74891ab219767a6eda5d2253e33be2e846f7f19ad42c495077d7641bd19652fffb081b73fc2a7a2d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sc21

Decoy

fan-y-guff.net

blockraptor.com

in-value.com

mobilehomeflorida.com

supreme-ink-namibia.com

fitseek.website

thermalchar.com

arbsevices.com

jacksongary.com

ukoproducciones.com

inginnoedutxt.com

xeentours.com

kokinet.xyz

mojatrznica.online

hdjag.com

jjsjoint.com

xggzgjmy.com

truvshop.com

partyvulcan.com

angrymongol.xyz

Targets

- Target
  
  new_po_098847excel.exe
- Size
  
  608KB
- MD5
  
  941bf5aee26ff5069ee30be727d3371b
- SHA1
  
  1fd3ef2cd0294bd0c9d00d6221da50e3015111c3
- SHA256
  
  0daa09469850448a4e784e04448e25ebd6e7bdc26d61e0017a3ae602025da1bb
- SHA512
  
  01d47239d868d7075235fc6d91e2e987dc476b32923f729f74891ab219767a6eda5d2253e33be2e846f7f19ad42c495077d7641bd19652fffb081b73fc2a7a2d
Score

10^/10

formbook sc21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2