formbook

General

Target

3131_50SG0BK00T1,pdf.exe
Size

1.0MB
Sample

210119-pb8vlvq1mx
MD5

8898f586289faf1cc074c328eb64e0c6
SHA1

8df1daf9fb7147fd61a1e18a5b1e5bfa7bbe94fa
SHA256

134447d4a42fa0c68719a166022b19728ab3b771a025fcb40b9e01eb0472bd8b
SHA512

1ef511b05999e0346b8698f51b5a7950744dff2f6ff726a39414886c840a5e191e4dcf5ab5c54cbb23df79199da225f8da78af8e74c0cc7b677c9c7bec1e0ea0

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.radissonhotelsusa.com/cp5/

Decoy

glcpunix.com

marabierta-coaching.com

osrs-remastered.com

lineagehealthxwellness.com

dunyadagezilecekyerler.com

negociosyfinanzasfaciles.com

bifa510.com

houseofutamasa.com

dopeneeds.com

sailacc.com

thewindgallery.com

elvinrisky.com

flowersassistedliving.com

lzbnwy.com

mrpentester.com

joinmytradingteam.com

jasabuatvisa.com

meherunnessa-foundation.com

notyourtypicaljocks.com

lobo-sports.com

Targets

- Target
  
  3131_50SG0BK00T1,pdf.exe
- Size
  
  1.0MB
- MD5
  
  8898f586289faf1cc074c328eb64e0c6
- SHA1
  
  8df1daf9fb7147fd61a1e18a5b1e5bfa7bbe94fa
- SHA256
  
  134447d4a42fa0c68719a166022b19728ab3b771a025fcb40b9e01eb0472bd8b
- SHA512
  
  1ef511b05999e0346b8698f51b5a7950744dff2f6ff726a39414886c840a5e191e4dcf5ab5c54cbb23df79199da225f8da78af8e74c0cc7b677c9c7bec1e0ea0
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2