formbook

General

Target

file
Size

745KB
Sample

201204-9h3a1bgesn
MD5

6b96099f44ece58f73e41cea3da9a1d7
SHA1

88a949fae42ad16a2f76231306e8ebbf4973f30c
SHA256

1e978aeca824414a2dc136c53170762a358a51490786861f1f44784b5ff300db
SHA512

947d6e975aecea9914e28f45df5fa5d227f9fe0ad88534806aaada040b5ff6cfa73b02b7c02c442b5c7a0cb146a202d6e89e39638c656bba36086ee9fd03f8ef

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.anuschkaleathers.com/zsh/

Decoy

golos95.club

pickpinz.store

surptalb.xyz

trippingthemuse.com

elizkumas.com

thesilverslipper.club

musicindustrymag.com

newfuzoku.com

2girls1stream.com

thefreebands.com

ayngaranastro.com

urakointiliikeleinonenoy.info

downunder-weddings.com

tictactechnology.net

partnerbudowlany.com

slidementality.com

estudiosobscuros.com

terminalr.com

kkrcreations.com

ahmclinic.com

Targets

- Target
  
  file
- Size
  
  745KB
- MD5
  
  6b96099f44ece58f73e41cea3da9a1d7
- SHA1
  
  88a949fae42ad16a2f76231306e8ebbf4973f30c
- SHA256
  
  1e978aeca824414a2dc136c53170762a358a51490786861f1f44784b5ff300db
- SHA512
  
  947d6e975aecea9914e28f45df5fa5d227f9fe0ad88534806aaada040b5ff6cfa73b02b7c02c442b5c7a0cb146a202d6e89e39638c656bba36086ee9fd03f8ef
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2