formbook

General

Target

Po-covid19 2372#w2..exe
Size

1.2MB
Sample

210113-y5837wcf7a
MD5

bf53c9dc0d0f032033c318aceef906c6
SHA1

eeba1ef352c09979dfdfb4afdcdc5f41fe2a0119
SHA256

a1558391914f4235dfdcdddcdf0de915a800541a4271feb4aff34af82b83a935
SHA512

7db00f26f4c0e6e6865ff4561ace1d6af4c8804e8534b29d6b1977f48c1863b7fbbd766a360e9d400aad4070568d33247e832b07da69a482004f14eab7c61383

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.styrelseforum.com/p95n/

Decoy

kimberlyrutledge.com

auctus.agency

johnemotions.com

guilt-brilliant.com

wxshangdian.com

theolivetreeonline.com

stellarfranchisebrands.com

every1no1.com

hoangthanhgroup.com

psm-gen.com

kingdomwow.com

digitalksr.com

karynpolitoforlg.com

youthdaycalgary.com

libertyhandymanservicesllc.com

breatheohio.com

allenleather.com

transformafter50.info

hnhsylsb.com

hmtradebd.com

Targets

- Target
  
  Po-covid19 2372#w2..exe
- Size
  
  1.2MB
- MD5
  
  bf53c9dc0d0f032033c318aceef906c6
- SHA1
  
  eeba1ef352c09979dfdfb4afdcdc5f41fe2a0119
- SHA256
  
  a1558391914f4235dfdcdddcdf0de915a800541a4271feb4aff34af82b83a935
- SHA512
  
  7db00f26f4c0e6e6865ff4561ace1d6af4c8804e8534b29d6b1977f48c1863b7fbbd766a360e9d400aad4070568d33247e832b07da69a482004f14eab7c61383
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2