formbook | 0b4545838e8a848f0a54b02582f6d49494b3352dfd88d39d6ba2051c420270a6 | Triage

Sharing

General

Target

061483471c0c0d3f4b33a17ba0fda2c1.exe
Size

502KB
Sample

220131-r5vyxaaac8
MD5

061483471c0c0d3f4b33a17ba0fda2c1
SHA1

18bc73370ca8514aa5fafa0176d25c3c45d5f8ee
SHA256

0b4545838e8a848f0a54b02582f6d49494b3352dfd88d39d6ba2051c420270a6
SHA512

2da603dd5a95ee1314ace4ee1f1ef08d12c62f5f0210d88bd5c816405c391c28106ce6952ecbc34dd08653eff997f95f2f08fe8292371b94f0e5f3c1f09f3d7f

Score

10^/10

formbook n0k1 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n0k1

Decoy

tyupa.xyz

scion.xyz

smjacob.com

intelligentsiaunionyes.com

myartismytemple.com

roethlisburgers.com

burny-live-bar.com

amricanfamilyinsurance.com

barossavalleycollective.online

coinstarrevenue.com

ionablissfullife.com

worryfreeads.com

9xu5qkr1.xyz

julbera.xyz

denko-puro.com

boardsavorybeambark.club

coronarules.info

hailiangyinqing.com

pageonandroid.tech

1meqtaw8.xyz

Targets

- Target
  
  061483471c0c0d3f4b33a17ba0fda2c1.exe
- Size
  
  502KB
- MD5
  
  061483471c0c0d3f4b33a17ba0fda2c1
- SHA1
  
  18bc73370ca8514aa5fafa0176d25c3c45d5f8ee
- SHA256
  
  0b4545838e8a848f0a54b02582f6d49494b3352dfd88d39d6ba2051c420270a6
- SHA512
  
  2da603dd5a95ee1314ace4ee1f1ef08d12c62f5f0210d88bd5c816405c391c28106ce6952ecbc34dd08653eff997f95f2f08fe8292371b94f0e5f3c1f09f3d7f
Score

10^/10

formbook n0k1 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookn0k1ratspywarestealertrojan

behavioral2