formbook

General

Target

Request a quote Mitsubishi Japan XN501.exe
Size

858KB
Sample

210114-dyfwgmkr7a
MD5

d5079ba6252ba0df47a279c217f79abe
SHA1

1088019f6828d3b01dbaa44a7f27cad6d00bbcd2
SHA256

b6dc1192212d0ae4c5509491a96602f9c3da82694097372e9bf5ae03ca86adba
SHA512

629fce6fa602b30e8d82b980de1a777e87840b2377757fbef18c5037b7d47a54c3c3eec5872da0eec1573807815d45192ccf9b8f8daf53b56dda41baf5ce9193

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.9dgevjb.net/gtl/

Decoy

45687g.net

graveimport.com

bulldogsgear.com

service-support.email

uhzcflg.icu

zebradefensefund.com

make10xhappen.com

ecotegral.online

stillatwink.site

onwardatlanta.com

real-optionstheory.com

madbearcustomwoodworking.com

adelinekaczmarek.com

elia-lca.com

tinykreations.com

rawlinsrealty.info

ubcholdings.com

searko.com

lepinedoree.com

fundsrecoveryexperts.com

Targets

- Target
  
  Request a quote Mitsubishi Japan XN501.exe
- Size
  
  858KB
- MD5
  
  d5079ba6252ba0df47a279c217f79abe
- SHA1
  
  1088019f6828d3b01dbaa44a7f27cad6d00bbcd2
- SHA256
  
  b6dc1192212d0ae4c5509491a96602f9c3da82694097372e9bf5ae03ca86adba
- SHA512
  
  629fce6fa602b30e8d82b980de1a777e87840b2377757fbef18c5037b7d47a54c3c3eec5872da0eec1573807815d45192ccf9b8f8daf53b56dda41baf5ce9193
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2