Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/sample/49bae482a9eeeb1792f15f03abbc8e6454d6b7e9fd78dbf7f3081d8dbaa9d450/

  • Sample

    240818-vx5pxsvdme

Score
10/10
formbookpt46discoveryratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pt46

Decoy

twinportslocal.com

rovor.store

98169.club

mdywl.com

jrd3s.rest

aston1717.top

floridawoodworkingmachinery.com

17tk555t.com

ankitsho.shop

seclameh.com

realrecordlabel.com

trenchonbirmingham.com

af28.top

rtp1kenzototo.com

theselflovesite.com

promotegetpaid.info

strategiclogisticsagency.com

learneracademy.net

per-watch.com

betbox2341.com

Targets

    • Target

      https://bazaar.abuse.ch/sample/49bae482a9eeeb1792f15f03abbc8e6454d6b7e9fd78dbf7f3081d8dbaa9d450/

    Score
    10/10
    formbookpt46discoveryratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks