formbook

General

Target

Details for bookings.exe
Size

999KB
Sample

210119-e6ax4ynl42
MD5

a25a89b6290bd06ba2bd66ef1ff7b4d1
SHA1

5596b820a3ce13c56473185ad4f67079c4ac3f8d
SHA256

39872cee88d7cf4d0f0cc42d09348b6fea960a62861fab210bf257c4e6bc3a36
SHA512

6a88385d5d653ee01e6251b944de4da855fac18054ede73e8bdae8a30ac832d3a83b8c7ed8bd7c2cf04b855ea9d3fb9032d7560bc25f6d6947ca921b2a8d96a4

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com

Targets

- Target
  
  Details for bookings.exe
- Size
  
  999KB
- MD5
  
  a25a89b6290bd06ba2bd66ef1ff7b4d1
- SHA1
  
  5596b820a3ce13c56473185ad4f67079c4ac3f8d
- SHA256
  
  39872cee88d7cf4d0f0cc42d09348b6fea960a62861fab210bf257c4e6bc3a36
- SHA512
  
  6a88385d5d653ee01e6251b944de4da855fac18054ede73e8bdae8a30ac832d3a83b8c7ed8bd7c2cf04b855ea9d3fb9032d7560bc25f6d6947ca921b2a8d96a4
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2