formbook

General

Target

Shipment Document BL,INV and packing list.ace
Size

358KB
Sample

210226-dywx6nq4xn
MD5

f1599b7270d33a5132a8f75461337d92
SHA1

b3d5af008fbf8c5e0a0b6d956bc33c79c927e5ae
SHA256

dc56f8319fd0bd85861ba6a623824a84c84a230edfb7234ea47bb90845da48ef
SHA512

c17352aa82234cdd34cd91a54a0a8c30ee433c3c4c531c33a53613f9f227271c745b3302b9e1c51d44daaf15d7f9e220c946f13678d57e6994cfc9043373747f

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.webperb.com/nehc/

Decoy

havenmaple.com

katrinasmarket.com

ccharlet.com

everestmedicalgroupusa.net

powervoc.com

crypto300cluv.com

davidrichterlaw.com

parkcitysongfest.com

videogeniusawards.com

beleave.club

gooddeedprocessing.com

synthsup.com

eceiptsworld.com

infinityanalytics.co.uk

damghair.com

sabaidate.com

guitarsir.com

thebowlingspot.com

denturelabmiami.com

mo-cooking.com

Targets

- Target
  
  Shipment Document BL,INV and packing list.exe
- Size
  
  454KB
- MD5
  
  553cd6156563de1a6bd068761a8b8066
- SHA1
  
  bb500d28f113b37cdfa4d09f160a417214188ac2
- SHA256
  
  10d80e3275154e9e39e98d3622a7af4f98a5fd1f0a073839d9e8d670cbd5d3e6
- SHA512
  
  9750b665cf70d9b9000f11edeb26a77d7a0bc8b294aaeb948e51b8abc8239c1801b5b8784bdefef887141e7cda1759263e6e68cf18d1f63432eeb211d63b032b
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2