formbook

General

Target

c888b41f2a50528acc77e8975b00997b2340ccc770395c32bebabc329cd07901
Size

266KB
Sample

220521-mxgn4afgcp
MD5

325607cda99109c27de3a8b3c7962700
SHA1

c0275f365b4ca9c66a95a3624210fd53f4854ffe
SHA256

c888b41f2a50528acc77e8975b00997b2340ccc770395c32bebabc329cd07901
SHA512

a838ea8e560314591141c42b2beb04474d5abf4c9f62abba9bd971cb0bee3113742ed5543d66cb0d13e1c2ddb6de35b9d64d7dd79849dd27a940695348056ec7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

2177.ltd

thanxiety.com

max-width.com

fixti.net

mostmaj.com

mobilteknolojiuzmani.com

historyannals.com

wheelchairmotion.com

mossandmoonstonestudio.com

kastellifournis.com

axokey.net

peekl.com

metsteeshirt.com

abcfinancial-inc.com

btxrsp.com

amydh.com

ccoauthority.com

lumacorretora.com

kimfelixrealtor.com

iconext.biz

Targets

- Target
  
  RFQ ITALY.exe
- Size
  
  339KB
- MD5
  
  3d352883f99e989706cf2dd5c282b1bc
- SHA1
  
  9fdebf8594c52b23ee132454bd3e9882e0f93cd1
- SHA256
  
  24faef493cc61205b4f7f963641879ab92f06686932338163f905a82fb68b72d
- SHA512
  
  311293aa8077e48282e13d2f51232106b84253d9a2fc80e19f4d9d40b5df00964ed8327a07874453b9f128164813c8ed8cb5a5d027e79224df0254df18590602
Score

10^/10

formbook q5e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2