formbook

General

Target

Best quotations.exe
Size

1.3MB
Sample

221030-x3scwsgdhq
MD5

7011f702f15e308ff767be16a05a2e67
SHA1

7ca29e8daa2127e674c67287cd265c68a63e0be3
SHA256

3d0400fb45ebf52e42f40e3c6c3c246a6c1e1550f8b974b848f57a4294084162
SHA512

e31f3d7d61236806bf82c09ffcc4024420180b457c8afb40706d03158b0c7bfb53109d8c422053d4845925859b0cc13649057d111bfa6dee2d4b54fb8a32dd43
SSDEEP

12288:AkgHCeMnTDHNXPxnpeb2DKoD9Pd9kXvVcfyPq9+RSLjA/f2LYr8YehtkdQ54mMSq:K7M3hDeb27Pd6VKZ1ubI1hF4mMSQO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  Best quotations.exe
- Size
  
  1.3MB
- MD5
  
  7011f702f15e308ff767be16a05a2e67
- SHA1
  
  7ca29e8daa2127e674c67287cd265c68a63e0be3
- SHA256
  
  3d0400fb45ebf52e42f40e3c6c3c246a6c1e1550f8b974b848f57a4294084162
- SHA512
  
  e31f3d7d61236806bf82c09ffcc4024420180b457c8afb40706d03158b0c7bfb53109d8c422053d4845925859b0cc13649057d111bfa6dee2d4b54fb8a32dd43
- SSDEEP
  
  12288:AkgHCeMnTDHNXPxnpeb2DKoD9Pd9kXvVcfyPq9+RSLjA/f2LYr8YehtkdQ54mMSq:K7M3hDeb27Pd6VKZ1ubI1hF4mMSQO
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2