formbook

General

Target

069edc860955f7f56fe2c18cfd9d46e26b95831325541ab3cc92bba11f30fa3b
Size

176KB
Sample

220521-ntg15aeba8
MD5

9d656dfa9340373f162d2a4893d3b4fb
SHA1

1861873ec8ee0f7513947ac169f36eb2a27d6b8a
SHA256

069edc860955f7f56fe2c18cfd9d46e26b95831325541ab3cc92bba11f30fa3b
SHA512

5846a875e89097bec774140f965e14f063edc1a77a9536c23183208b0be378d0bb5ed66dd8b93eb5c41f5341cdf111ada3915d5028d82782f30fa57f5754e012

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

nfl

Decoy

giacamp.net

qb51.party

mashalevine.com

russiasexdating.com

jitangyy.com

morockin.com

karoreiss.com

tractionhero.today

bienvenueenprovence.net

stormharbour.info

61999h.com

tryandcert.com

bestwaytosuccess.com

laobaochang.com

otomatiktente.com

rehpb.info

ivpdqb.info

dc-wv-wv-ie-q.com

goingmagic.com

cimachain.com

Targets

- Target
  
  CONTRACTS DOCUMENTS.exe
- Size
  
  215KB
- MD5
  
  b5a64ee18bd52e91671491580ae349da
- SHA1
  
  0a5ec3756c34db4a9eb9a1e54a0867f9c98c6f3d
- SHA256
  
  380b98b82eca0b9f9ea4a86ea9ee60c579bc68d75a75db5d800074a8c50a0a52
- SHA512
  
  9fc1a1faed034a8e1247e1b6daeb83bbcc4f58ce3aadd5df21213837de5d3252c8801aeb7031be6c73fa00cc23ef85d218b724b0da3d9f6cbcd7dd3eaec9c6f9
Score

10^/10

formbook nfl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Checks computer location settings

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2