formbook

General

Target

2021_50SG0BK00T1,pdf.exe
Size

1.0MB
Sample

210119-hfcv7bdbz6
MD5

89f2269c6b922334a760d393a84e14f5
SHA1

c745861fede33861fb7ecb4e74fec7ffc2f65838
SHA256

e7063cc17e4ab85b0ae947f6366f4a955758d2e3ef81bb2476f77aec1f77daae
SHA512

3779f0399da5297c82086512b516fb6bfd05df9831c995001988bf0cbe2fe20258316c9e19e3810240e0414a059f7132d73835a9cfa4cc8ab5845d98887a46ce

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.radissonhotelsusa.com/cp5/

Decoy

glcpunix.com

marabierta-coaching.com

osrs-remastered.com

lineagehealthxwellness.com

dunyadagezilecekyerler.com

negociosyfinanzasfaciles.com

bifa510.com

houseofutamasa.com

dopeneeds.com

sailacc.com

thewindgallery.com

elvinrisky.com

flowersassistedliving.com

lzbnwy.com

mrpentester.com

joinmytradingteam.com

jasabuatvisa.com

meherunnessa-foundation.com

notyourtypicaljocks.com

lobo-sports.com

Targets

- Target
  
  2021_50SG0BK00T1,pdf.exe
- Size
  
  1.0MB
- MD5
  
  89f2269c6b922334a760d393a84e14f5
- SHA1
  
  c745861fede33861fb7ecb4e74fec7ffc2f65838
- SHA256
  
  e7063cc17e4ab85b0ae947f6366f4a955758d2e3ef81bb2476f77aec1f77daae
- SHA512
  
  3779f0399da5297c82086512b516fb6bfd05df9831c995001988bf0cbe2fe20258316c9e19e3810240e0414a059f7132d73835a9cfa4cc8ab5845d98887a46ce
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2