formbook

General

Target

order_list_attached.exe
Size

184KB
Sample

220302-stblkafda7
MD5

d183004c73c53fd2e1c50bce8cc40602
SHA1

99fcacc46c4bc2bf0c066e37f7e88b23284ed8a9
SHA256

10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
SHA512

e7c34484eb796d2d178da4c3078e89aeb41c4cb0d6af4a945f32667da4fbbf31093c9024eb5c51e1ba8600931c5ad6d68d98e908467d5073b46e932c7788ab8c

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  order_list_attached.exe
- Size
  
  184KB
- MD5
  
  d183004c73c53fd2e1c50bce8cc40602
- SHA1
  
  99fcacc46c4bc2bf0c066e37f7e88b23284ed8a9
- SHA256
  
  10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
- SHA512
  
  e7c34484eb796d2d178da4c3078e89aeb41c4cb0d6af4a945f32667da4fbbf31093c9024eb5c51e1ba8600931c5ad6d68d98e908467d5073b46e932c7788ab8c
Score

10^/10

formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2