formbook

General

Target

Purchase Order 40,7045.exe
Size

339KB
Sample

201121-blaeav9v7x
MD5

2566aac2faf57e27d8778f2c61bac6d3
SHA1

b163ec807fe59a0f85f2d964fe1e8ffa8adab77e
SHA256

7d4d5ddf016f84445c94bf5ee4d715be092f8711b70ebd17f48f2956fba0487d
SHA512

f4e1fabcb5036f7adda5789f91dfdcfeada6dbfb0c8ed33ff76acf7d42f8f0e74041332684310572bd449b23ec5a7f10ef25245f78007fa70a10c14d646c6250

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.sweetbasilmarketing.com/igqu/

Decoy

coveloungewineandwhiskey.com

chemtradent.com

educare.cloud

shopnicknaks.com

realitytvstockwatch.com

handsfreedocs.com

trafegopago.com

ariasu-nakanokaikei.com

allmm.info

elleatx.com

erpsystem.site

whatisastaxanthin.com

hemparcade.com

ownumo.com

pasumaisangam.com

theoutdoorbed.com

plantpowered.energy

elevenelevenapparelcompany.com

vrspace.ltd

justsoldbykristen.com

Targets

- Target
  
  Purchase Order 40,7045.exe
- Size
  
  339KB
- MD5
  
  2566aac2faf57e27d8778f2c61bac6d3
- SHA1
  
  b163ec807fe59a0f85f2d964fe1e8ffa8adab77e
- SHA256
  
  7d4d5ddf016f84445c94bf5ee4d715be092f8711b70ebd17f48f2956fba0487d
- SHA512
  
  f4e1fabcb5036f7adda5789f91dfdcfeada6dbfb0c8ed33ff76acf7d42f8f0e74041332684310572bd449b23ec5a7f10ef25245f78007fa70a10c14d646c6250
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2