formbook

General

Target

74852.exe
Size

231KB
Sample

210113-5phjkctwnj
MD5

e295cb54968cb6f3575a7caf32fe7f5a
SHA1

84405250603351ebe538e7ae34812704c0c3f480
SHA256

15198bfd2fbc367f07a22c6b39ea4e658dfea4a51b74cb4a653eb4b936ad3db0
SHA512

fb5be96870170a769262214bd72a356b6e845328a3838b3ebdb9e8d5f5b8d09c95e992acad00e7c24762d8e351daf6e1810ad44515374f2261f9a3565d857880

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.theproducersagent.com/nf3n/

Decoy

lcwiremsh.com

aliyunpan.host

asiareddot.com

russcrim.com

onewithnature.store

mypilot.net

bonniebythebeach.com

euvinarede.com

xdbw688.com

carbuyerforcashmorgantown.com

dianna-ploss.com

jbsolb.com

homemademoneymaker.com

m9wa.com

westgatepaintedmountain.com

bobbiejcochran.com

templated.net

xn--kasvomaskitnetist-6qb.com

alliancefinancialgroupusa.com

deungmaru.com

Targets

- Target
  
  74852.exe
- Size
  
  231KB
- MD5
  
  e295cb54968cb6f3575a7caf32fe7f5a
- SHA1
  
  84405250603351ebe538e7ae34812704c0c3f480
- SHA256
  
  15198bfd2fbc367f07a22c6b39ea4e658dfea4a51b74cb4a653eb4b936ad3db0
- SHA512
  
  fb5be96870170a769262214bd72a356b6e845328a3838b3ebdb9e8d5f5b8d09c95e992acad00e7c24762d8e351daf6e1810ad44515374f2261f9a3565d857880
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2