formbook | 38acc90cd6d33b61b99cca8cf06781e1bd2ab8ffebc3a33e036eca36037d413b | Triage

Sharing

General

Target

PO_210223.exe
Size

783KB
Sample

210223-bpphp3tkt2
MD5

e40af9745e938b72d5d860bbc679aebf
SHA1

d9e750061417b0ca9f933db79c99c12934abbe84
SHA256

38acc90cd6d33b61b99cca8cf06781e1bd2ab8ffebc3a33e036eca36037d413b
SHA512

2124a0cb2135bfc5731554aaa534e6ba9063137450e5df18a56c8dd661d8d926278c1d658f1aef44d3522598e047f4735ca5a06cef41be3593101a089f3494ba

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.000666dy.com/ntg/

Decoy

successwithyolandafgreen.com

theordinaryph.com

atamyo-therapeutics.com

pophazard.com

anthonyfultz.com

pasanglham.com

kanekhushi.com

littlefishyswim.com

kaieteurny.com

fanavartima.com

digexpo.com

se-rto.com

chaos.finance

bakldx.com

after-school.pro

faithfromphilly.com

estudiomuradian.com

albertocerasini.com

andronna.com

wingspotusa.com

Targets

- Target
  
  PO_210223.exe
- Size
  
  783KB
- MD5
  
  e40af9745e938b72d5d860bbc679aebf
- SHA1
  
  d9e750061417b0ca9f933db79c99c12934abbe84
- SHA256
  
  38acc90cd6d33b61b99cca8cf06781e1bd2ab8ffebc3a33e036eca36037d413b
- SHA512
  
  2124a0cb2135bfc5731554aaa534e6ba9063137450e5df18a56c8dd661d8d926278c1d658f1aef44d3522598e047f4735ca5a06cef41be3593101a089f3494ba
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan