formbook | 3ce15be8f0a31d5fa5a176c3abb3729fd834a6af3e8a69b35cc6f2dd54c66fdb | Triage

Sharing

General

Target

0490ab92aedecbbe4fe1ab000dff0410.exe
Size

1.4MB
Sample

210120-kydtdr8bfa
MD5

0490ab92aedecbbe4fe1ab000dff0410
SHA1

1470aab30084ee6c1e1648c71e46606dfa774658
SHA256

3ce15be8f0a31d5fa5a176c3abb3729fd834a6af3e8a69b35cc6f2dd54c66fdb
SHA512

f020e253faa71652f1385cd8cce2afe79000950a36d8670d69f681fccc19b9f2a0d07abc69628f60e65cf46c88688e7ba189141a9a467230b7da242b7963b71d

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.embracingmyjourney.net/p7t/

Decoy

crosvudigital.com

airgreenllc.com

epochryphal.com

handy-domain-listing.com

espaceideecreation.com

3sleeves.com

alotrooms.com

luttelion.com

efekaleci.xyz

allpapas.com

alverazricardez.com

meghandoria.com

deicorp-community.com

877nz.com

bahmanhochmetalwerks.com

teppeisugaya.com

kitrablog.digital

theatermoviebuying.com

ptlycloudy.com

ablehed.pro

Targets

- Target
  
  0490ab92aedecbbe4fe1ab000dff0410.exe
- Size
  
  1.4MB
- MD5
  
  0490ab92aedecbbe4fe1ab000dff0410
- SHA1
  
  1470aab30084ee6c1e1648c71e46606dfa774658
- SHA256
  
  3ce15be8f0a31d5fa5a176c3abb3729fd834a6af3e8a69b35cc6f2dd54c66fdb
- SHA512
  
  f020e253faa71652f1385cd8cce2afe79000950a36d8670d69f681fccc19b9f2a0d07abc69628f60e65cf46c88688e7ba189141a9a467230b7da242b7963b71d
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan