formbook

General

Target

download.dat
Size

182KB
Sample

210121-29fwf22j4x
MD5

124416d2b956cf91c800dc8d94e696b4
SHA1

d10ceb17baac1cd703f84903c159e19cc33f7357
SHA256

c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1
SHA512

082aa13db5f569b6dec46faad7bd88d20a9de447831b99512496b2013ff1b478401ed9640948982c875544d0135e56b034505eb5cdef8829018934e1fc004e59

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.familyof2.com/p3c/

Decoy

scsykt.com

333999dy.com

soaringhood.net

thejaxstar.com

sakura-wedding.com

ussalesmarketing.com

mathworksheetsforkids.net

bestchinesefoods.com

theparkchi.com

cb6333.com

xldd0817nt15vkr6.xyz

joyousheartphotography.com

kittylol.com

caufooding.com

pippamalmgren.life

saveitall.today

connect-clarity.info

smartestgift.com

nilshana.com

arkpropertysolutions.com

Targets

- Target
  
  download.dat
- Size
  
  182KB
- MD5
  
  124416d2b956cf91c800dc8d94e696b4
- SHA1
  
  d10ceb17baac1cd703f84903c159e19cc33f7357
- SHA256
  
  c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1
- SHA512
  
  082aa13db5f569b6dec46faad7bd88d20a9de447831b99512496b2013ff1b478401ed9640948982c875544d0135e56b034505eb5cdef8829018934e1fc004e59
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2