formbook

General

Target

Product_enquiry.exe
Size

414KB
Sample

220131-rl9yqahhd5
MD5

d26e70fcc7580002e528f118f456c2b4
SHA1

d541eff6bf7532c48a2dae7752d9f98236f2557b
SHA256

8eedc524cbcf57998c67472c72d0db19becad221e770bea32486deb9661d3fd4
SHA512

7e36759bf53ab9da188936193bdaf572721f14489acf6335fbcde8e41bb685915def03d3a9360212760a1256ed1005a7759c7f4c62763a826d686df60f613714

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w24y

Decoy

17zuqiu8.com

gotdangog.com

olvacouriertrujillo.com

jun2199.com

pupmetaverse.com

ttoo.site

xn--74k-4v2i.com

boskal.space

sj0668.icu

billsflive.com

thevisonllc.com

curatedchannelmarketing.com

paintpartyohio.com

carsharingvalet.com

poohcrush.com

healthycattreatoptions.club

domaincloud.tech

mrandmrsbatten.com

vermaatvloeren.com

baoziji8.icu

Targets

- Target
  
  Product_enquiry.exe
- Size
  
  414KB
- MD5
  
  d26e70fcc7580002e528f118f456c2b4
- SHA1
  
  d541eff6bf7532c48a2dae7752d9f98236f2557b
- SHA256
  
  8eedc524cbcf57998c67472c72d0db19becad221e770bea32486deb9661d3fd4
- SHA512
  
  7e36759bf53ab9da188936193bdaf572721f14489acf6335fbcde8e41bb685915def03d3a9360212760a1256ed1005a7759c7f4c62763a826d686df60f613714
Score

10^/10

formbook w24y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2