formbook

General

Target

lista naloga za kupovinu.exe
Size

732KB
Sample

220304-ssf5nafbd8
MD5

3c5f54d4e4b7aa203fd1d27e73428750
SHA1

a6c97722938a05ad3ef3c3acdda0aeb19c579ba5
SHA256

42dfb1aeb19afac4595bc0146dd42ee251896ea1bf3ea8ab05d4bd28a7edbed1
SHA512

c9409857a1378fa844a10ed18c766eaff181642c4000d8f1e6962b302d3729b7516c4d05467429057675c271c7517ffcc925fca99443bec22a3419edbca627b9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  lista naloga za kupovinu.exe
- Size
  
  732KB
- MD5
  
  3c5f54d4e4b7aa203fd1d27e73428750
- SHA1
  
  a6c97722938a05ad3ef3c3acdda0aeb19c579ba5
- SHA256
  
  42dfb1aeb19afac4595bc0146dd42ee251896ea1bf3ea8ab05d4bd28a7edbed1
- SHA512
  
  c9409857a1378fa844a10ed18c766eaff181642c4000d8f1e6962b302d3729b7516c4d05467429057675c271c7517ffcc925fca99443bec22a3419edbca627b9
Score

10^/10

persistence formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2