formbook | 4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914 | Triage

Sharing

General

Target

PO-29840032.exe
Size

495KB
Sample

210223-9wdckd8wye
MD5

16a8bcda6b8877e2a76f56ac5707eaa8
SHA1

2f6a4a474c53183a14ef815d2f3aa9cdb6a0b545
SHA256

4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914
SHA512

6cacea9c50c6f5d8fa96a6c8047db43458cd5159e87fe3c0807599b21ba80d4f31649b0f26c51edc352c0f55f2c405e32131d81baa70c0547a556efd253ad380

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.merckcbd.com/dei5/

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

- Target
  
  PO-29840032.exe
- Size
  
  495KB
- MD5
  
  16a8bcda6b8877e2a76f56ac5707eaa8
- SHA1
  
  2f6a4a474c53183a14ef815d2f3aa9cdb6a0b545
- SHA256
  
  4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914
- SHA512
  
  6cacea9c50c6f5d8fa96a6c8047db43458cd5159e87fe3c0807599b21ba80d4f31649b0f26c51edc352c0f55f2c405e32131d81baa70c0547a556efd253ad380
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan