formbook | 8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2 | Triage

Sharing

General

Target

8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2
Size

1.0MB
Sample

210120-nswhmdmnzs
MD5

232a964f2335bd594cc991d75b5794e1
SHA1

40b0c49f9cb93c9537662c948efe09ee1293491e
SHA256

8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2
SHA512

8583a71e22bbc5cf0ed61358d7237d14bac712ab5e281854717a3fcfec7388d214d9fca564455f1efa3934956d6af4c5a27391ccb9c312dc95b38f56361b012b

Score

10^/10

formbook rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.paniciagency.com/n6sn/

Decoy

siearrasmission.com

exploringcharlotte.com

michaelthomasgunn.com

automationmarketers.com

vynxcl3kv3.com

df2229.com

vazivaimmo.net

usful.info

vescuderoabogados.com

janidevco.com

newshum.com

teamworkgod.com

snowwayconstruction.com

s8fyit.com

economicidentity.com

jennysay.com

gamoauction.com

thebooksofblood.com

graymatter-bi.com

newtownquick.net

Targets

- Target
  
  8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2
- Size
  
  1.0MB
- MD5
  
  232a964f2335bd594cc991d75b5794e1
- SHA1
  
  40b0c49f9cb93c9537662c948efe09ee1293491e
- SHA256
  
  8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2
- SHA512
  
  8583a71e22bbc5cf0ed61358d7237d14bac712ab5e281854717a3fcfec7388d214d9fca564455f1efa3934956d6af4c5a27391ccb9c312dc95b38f56361b012b
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan