formbook

General

Target

0f6739252a3a880727c79accd18ddbb7146f8f7c7347b10dd490cf247cc696e2
Size

680KB
Sample

220221-3m96nabfh6
MD5

9ae977813c64baac0d53da23f60ce8d6
SHA1

9b36e88406ca18997e02558ef8a20b9ff4c01aca
SHA256

0f6739252a3a880727c79accd18ddbb7146f8f7c7347b10dd490cf247cc696e2
SHA512

b139da6c111d50a25943bc948fe364b601c531910aaddbffa717006ba97e9758e44ff69c5669f53b223303233555c6663507157b0af4cf2cba3e1b42160e92ba

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  product order pdf.exe
- Size
  
  1.4MB
- MD5
  
  eb1c6ef7f759fc370d11f744ecbe8646
- SHA1
  
  74bdcf14804203c0af51bc8c5ecfcd766460ecaa
- SHA256
  
  87502a477276c0f6837cb3fc47378f77f4a067e51249918e7f8e101c18ad0f4f
- SHA512
  
  d24cb8e90b4ecab472eb98316f43f67bc2c5baaa5bb2738fe2db8779e5f6f87a96726d5ca68b33dfa3f4580fcc80e1ebc90fa052bdb5588f23b05f4eaaf19a07
Score

10^/10

formbook n7ak persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Drops startup file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2