formbook

General

Target

U prilogu potvrda narudzbe.exe
Size

1.2MB
Sample

220311-pf2n2shdc5
MD5

33d5b6d2a768ee702bb7d345424e68c4
SHA1

09c324347674dc1530b282c816117c83244dc9e0
SHA256

7397f5b9dcb22b5032f825681a1158f362b3485a120f0fecbc51f1b1c5ca6a52
SHA512

f80ee4c924e2d48660a3ca119e267a5d30d8ab25972123997016dca9524302fe2bd38e698ffb560b4dc75f8c28206ff8f19ae3b8bbf2024ac088d2f2768700c3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  U prilogu potvrda narudzbe.exe
- Size
  
  1.2MB
- MD5
  
  33d5b6d2a768ee702bb7d345424e68c4
- SHA1
  
  09c324347674dc1530b282c816117c83244dc9e0
- SHA256
  
  7397f5b9dcb22b5032f825681a1158f362b3485a120f0fecbc51f1b1c5ca6a52
- SHA512
  
  f80ee4c924e2d48660a3ca119e267a5d30d8ab25972123997016dca9524302fe2bd38e698ffb560b4dc75f8c28206ff8f19ae3b8bbf2024ac088d2f2768700c3
Score

10^/10

persistence formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2