formbook | 92420ebd5feeb4171db8a4877ac6eb2dd594fd4d07192408b26aa9b98c5d048d | Triage

Sharing

General

Target

06aafd2382d63afc9874125e5c1062b0.exe
Size

326KB
Sample

210114-64nw7vzzke
MD5

06aafd2382d63afc9874125e5c1062b0
SHA1

e3b553368eec14ea84ba32f291a17dc614c64670
SHA256

92420ebd5feeb4171db8a4877ac6eb2dd594fd4d07192408b26aa9b98c5d048d
SHA512

cd317df3b6f9b86e3b3c2eef38d5b4fb8900562aae920c08607075fe6fd3e01480035f6ffb4188cae49c37faebd6ed626a2da457c75d99ba1535a42d2a690b27

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.evana-rohanihijab.com/iic6/

Decoy

capableandresilient.com

listaprzygod.com

cashhomeprogram.com

aboutwheelchair.com

clk4milli.club

asakitreks.com

liquiddreamworld.com

uqur88.com

bestifystore.com

arancionehq.xyz

mmoimperium.com

houxinjian.com

satmonitoring.com

tidalhaven.com

blcdevelopers.com

piratesofthefun.com

kadopulsa.com

xn--o39au6k0nm4rghsaq0c.net

wxxxtw.com

kyrtjf.com

Targets

- Target
  
  06aafd2382d63afc9874125e5c1062b0.exe
- Size
  
  326KB
- MD5
  
  06aafd2382d63afc9874125e5c1062b0
- SHA1
  
  e3b553368eec14ea84ba32f291a17dc614c64670
- SHA256
  
  92420ebd5feeb4171db8a4877ac6eb2dd594fd4d07192408b26aa9b98c5d048d
- SHA512
  
  cd317df3b6f9b86e3b3c2eef38d5b4fb8900562aae920c08607075fe6fd3e01480035f6ffb4188cae49c37faebd6ed626a2da457c75d99ba1535a42d2a690b27
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan