formbook

General

Target

15012021.exe
Size

896KB
Sample

210115-1yqqjbydr2
MD5

49eaef0a7cb0cb134803b5f0697dde4b
SHA1

74c9d06f4ffb47f349e68aeafa7d599ce240815b
SHA256

9a9ac9671ba6e6954776498cf28264d6c1742bc52fb070d7736d83a3582a14c8
SHA512

6d03e0521eac228a5077a2c994a2d3a6660940b2415c3e5f2642baeddbc7ff2f814c11f99e16a43c11f62dca5a0ced647d903ff4a75cedfd792e7d98cf1b66c9

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.timoniks.com/rbg/

Decoy

fingermode.com

parkplace.finance

hollandgreen2020.com

starbets.site

vehiculesfrigorifiques.com

sydiifinancial.com

rpivuenation.com

freesubdirectory.com

independencepartynyc.com

dogruparti.info

independencecountyclub.com

midnightlashesbykim.com

digitalsept.com

whatilikeabouttoday.com

marktplaatsaccount.info

13400667334.com

xinwei-ge.com

login-appleid.info

momashands.com

kennyxpress.com

Targets

- Target
  
  15012021.exe
- Size
  
  896KB
- MD5
  
  49eaef0a7cb0cb134803b5f0697dde4b
- SHA1
  
  74c9d06f4ffb47f349e68aeafa7d599ce240815b
- SHA256
  
  9a9ac9671ba6e6954776498cf28264d6c1742bc52fb070d7736d83a3582a14c8
- SHA512
  
  6d03e0521eac228a5077a2c994a2d3a6660940b2415c3e5f2642baeddbc7ff2f814c11f99e16a43c11f62dca5a0ced647d903ff4a75cedfd792e7d98cf1b66c9
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2