formbook

General

Target

SecuriteInfo.com.Trojan.PackedNET.509.28611.29307
Size

1.2MB
Sample

210119-cdc4f8rm52
MD5

23a53bec3e0bf43ec47af722a6aac7cb
SHA1

fca6e1d1690dea3911407662d8979c7cf037d754
SHA256

16160e8686be9eefc11ffc8eafdabfbcda53784d95d1b747717cbb90acaa04d4
SHA512

b21fdb1c78ddab75df07fb2bbc84f4d3c2061178e6370bcef6744019e1ea5c46152ce7aeb0cfa152ea8c730e53cdca23e27d97fd5e1fdad89c24483f68bcebf1

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.vitajwb.com/irux/

Decoy

heteltht.com

transbordaquemultiplica.com

ispartakulecleaner.com

woodcutter.website

gy88api8888.com

forsagemagic.com

greenqobbler.com

piligame.com

pcbet333.com

superpuzzlegames.com

jameslearyrealestate.com

acmarketinghacks.com

world-travel.xyz

sprayfoampocatello.com

anshangbao.com

qacpilotacademy.com

aodaicali.com

aarusystems.com

potion-designs.com

bajaenvocho.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.509.28611.29307
- Size
  
  1.2MB
- MD5
  
  23a53bec3e0bf43ec47af722a6aac7cb
- SHA1
  
  fca6e1d1690dea3911407662d8979c7cf037d754
- SHA256
  
  16160e8686be9eefc11ffc8eafdabfbcda53784d95d1b747717cbb90acaa04d4
- SHA512
  
  b21fdb1c78ddab75df07fb2bbc84f4d3c2061178e6370bcef6744019e1ea5c46152ce7aeb0cfa152ea8c730e53cdca23e27d97fd5e1fdad89c24483f68bcebf1
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2