formbook

General

Target

aed69bded2c5920724549a7112b9fecb.exe
Size

944KB
Sample

201204-zjfrnr7w1a
MD5

aed69bded2c5920724549a7112b9fecb
SHA1

c5b8acf38cec74a50b860cc28e057fe94f5faac3
SHA256

a433e37681474497ad96a280d9578620c8875d1f99445ca976a84bf3bda3e008
SHA512

86c4eed73ce33efed6d65fe2b6d55681cb9756258e4b8b380630f0cfcc3ff065ec7772d4607e4a24e041e4da1cc9edcb0ed3660c69d180414e5f6bede4bc8ef7

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.artyhairworld.com/mgd/

Decoy

southwickspecialty.com

xn--ga-c9a.com

fqhyjz.com

svtrbu.com

expreshaliyikama.com

digitalcentervip.com

herpesland.com

mashadafc.com

tributoalcuerpo.com

containerflipperz.net

unearthsc.com

shoppingcart.pro

ekkleonline.com

bestfiveg.com

maranis.com

cryptogamernews.com

lyondaniels.com

its-all-about-the-bling.com

tigush.space

x-select.com

Targets

- Target
  
  aed69bded2c5920724549a7112b9fecb.exe
- Size
  
  944KB
- MD5
  
  aed69bded2c5920724549a7112b9fecb
- SHA1
  
  c5b8acf38cec74a50b860cc28e057fe94f5faac3
- SHA256
  
  a433e37681474497ad96a280d9578620c8875d1f99445ca976a84bf3bda3e008
- SHA512
  
  86c4eed73ce33efed6d65fe2b6d55681cb9756258e4b8b380630f0cfcc3ff065ec7772d4607e4a24e041e4da1cc9edcb0ed3660c69d180414e5f6bede4bc8ef7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2