formbook

General

Target

Lista narudzbi u prilogu.exe
Size

665KB
Sample

220223-pzmn8sabb2
MD5

7c754436428e55a562a264840f7fc7a9
SHA1

3a907c34ade6be35c7bc50544e7bea7c69b1b584
SHA256

641726e045898d15c39c11559c01e297aff22924a4cd3543e0ce2e3cdc3c2277
SHA512

5c44ae730c0e31048b2fb1e3426ca53f7f4ce6fe9e6042275ee5b464c03373ed4ee59afb5b3fae2657fbe6747026b92be2df34f80a854b0fc59be329c888c8a5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Lista narudzbi u prilogu.exe
- Size
  
  665KB
- MD5
  
  7c754436428e55a562a264840f7fc7a9
- SHA1
  
  3a907c34ade6be35c7bc50544e7bea7c69b1b584
- SHA256
  
  641726e045898d15c39c11559c01e297aff22924a4cd3543e0ce2e3cdc3c2277
- SHA512
  
  5c44ae730c0e31048b2fb1e3426ca53f7f4ce6fe9e6042275ee5b464c03373ed4ee59afb5b3fae2657fbe6747026b92be2df34f80a854b0fc59be329c888c8a5
Score

10^/10

formbook 3nop persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2