formbook

General

Target

744c71a523be4f651482eac7ac5556c3d2cd14f79b244ed05e10b0938848f976
Size

1.1MB
Sample

220221-1xzfssbac3
MD5

8475983835cf499366bcb012e6a48c89
SHA1

336ad5784bc9c021caf0c99de30ba04da06645b3
SHA256

744c71a523be4f651482eac7ac5556c3d2cd14f79b244ed05e10b0938848f976
SHA512

29817e8500c83d7ad14a1cea80d17633853dda989eb984e648729d280e6ba149e7eac5336639f8a4559247ffb6614a07ec91046c1e53a762f426ff5fc7d24bc6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  pago copia SWIFT pdf.exe
- Size
  
  1.8MB
- MD5
  
  64ce539f8167e9cc887a87f859533933
- SHA1
  
  a736ba56beb2b342468f36f63e7dce53777dbb34
- SHA256
  
  f6397532d0b859cf1b26c55f29ec9af49613ce462643d4dc31478c4f231d2833
- SHA512
  
  d5b763e6259ab3cc9955583ddf20a378de6f73d2286243ee5bb1453244321300ffb9bf274dd45ccf43575ddb83fd0fcd71267e11c4f2c44b0b868a905ff59e21
Score

10^/10

formbook n7ak persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Drops startup file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2