formbook

General

Target

PO 15682.rar
Size

38KB
Sample

210226-q535ay9pen
MD5

abd6e7800fce57588152130bbe6c3d6d
SHA1

4fa92452b2d3d3b9a44350ad8e7f6a749b5918bc
SHA256

bc6b1b5ae30207710574e2fc475111020061d25f8e39781a3f4cd3902f7c6b3e
SHA512

bde2268f928283bb512754c5a7ec73a7fae9ba4e45b3652a8e0b48c74d23d547b7a19523624b40952c8e86633b4868c55eb7ba1b37c48ad3056f0a886f33d777

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.lyceumgroupbooks.com/blk/

Decoy

khoasoldguaranteed.com

mamucosmetic.com

numerologo.guru

r--hmb.info

dirtywonga.net

chefsdelivered.com

reallylongsex.today

ownthelightbetweenoceans.com

tallboyradio.com

laineygissip.com

alkhemilia.com

tiedye-design.com

simonmarkroberts.com

thebattledrones.com

w-bayvip.vin

icloudmyfind.biz

soughandhikaresorts.com

gisjess.com

modacicekevi.com

gymwelluk.com

Targets

- Target
  
  PO 15682.exe
- Size
  
  132KB
- MD5
  
  152a5851db0c8cf4e0d70ebdc17ee40f
- SHA1
  
  6f5d834b312bad0742efacf2dc4e1484a9541b40
- SHA256
  
  9433390a8374d47e62017b03c8d949af363e1f1aaa5247a2e320fc611c42f138
- SHA512
  
  c28b65148108e09ec8844ef02b8d309a78b9737462dd5ec0bf11817a309d564a810e779e3757d40741712a3a4e0e1bda4f161927876a0500049a3f5bdc40c1af
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2