formbook

General

Target

PO101420.exe
Size

837KB
Sample

210114-92xezhkdln
MD5

ff9de567dd3c2aa2ebcb5e0450964875
SHA1

aeb352d5031fa9cd1f5a3e1a69c4c4740634956c
SHA256

709b457160612a42a7714a517690760f05b09fb55f61570632500aa14328deec
SHA512

b850406f9db839d5678997713034106c94c36d500f774ae222a086dcb9e693f450ba686f6ab13f6e9a07bf91e9aa92626a49e73a761d80c502c89f2ab3be279e

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.hundsprobleme.com/fcxy/

Decoy

3dimex.com

heartgem.net

jhfctzdsna.club

lurapures.com

musclegirlfix.com

zebragenetics.com

evyneellis.com

jiaxiaozx.com

kayanmag.com

ufomars.com

liverepaire.com

hitspluz.com

regulargirlhair.com

lafleurdulis.com

secretsseniorengineersknow.com

zoerichards.photos

alphaappraisal.net

southernrussia.com

jbskatingmuseum.com

lawxorder.art

Targets

- Target
  
  PO101420.exe
- Size
  
  837KB
- MD5
  
  ff9de567dd3c2aa2ebcb5e0450964875
- SHA1
  
  aeb352d5031fa9cd1f5a3e1a69c4c4740634956c
- SHA256
  
  709b457160612a42a7714a517690760f05b09fb55f61570632500aa14328deec
- SHA512
  
  b850406f9db839d5678997713034106c94c36d500f774ae222a086dcb9e693f450ba686f6ab13f6e9a07bf91e9aa92626a49e73a761d80c502c89f2ab3be279e
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2