formbook

General

Target

rocccc54654.exe
Size

247KB
Sample

220131-vh2dysaff8
MD5

df25b97bea5be4673813da97ef215bce
SHA1

80547a880acc6a3c56ef74737f09dc35df563fd0
SHA256

94c7048f4b423b87476f5f4de6e8b7acb4ba212d9675c9b218c76ce55d118ac5
SHA512

72fe470fa6b4b6e9af58fb038cc4d8d974eda69525609b94a27314f3a6dac8b972b0ee48908df16c6053ba31829eac02098ec8165a69e07a9c3148f2d841c4b1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv12

Decoy

alsahger-store.com

luoboapp1.com

zjblmp.com

alreem-mall.com

wholesalemakeupmiamigarden.com

getevencattlecompany.com

fttmachinery.com

rauqe2m.xyz

pikeddetail-toglancetoday.info

apparessenza.com

g2367.com

advid-creativ.agency

mariobet399.com

seaforesthealth.com

autopilotinjury.net

jinchengdingjs.com

pigeoncontrolfarmington.com

mallorganicwealthgive.com

shicclothing.com

diwakarredhu.com

Targets

- Target
  
  rocccc54654.exe
- Size
  
  247KB
- MD5
  
  df25b97bea5be4673813da97ef215bce
- SHA1
  
  80547a880acc6a3c56ef74737f09dc35df563fd0
- SHA256
  
  94c7048f4b423b87476f5f4de6e8b7acb4ba212d9675c9b218c76ce55d118ac5
- SHA512
  
  72fe470fa6b4b6e9af58fb038cc4d8d974eda69525609b94a27314f3a6dac8b972b0ee48908df16c6053ba31829eac02098ec8165a69e07a9c3148f2d841c4b1
Score

10^/10

formbook rv12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2