formbook

General

Target

doc359680138546284.pdf.exe
Size

368KB
Sample

210227-8s6e98hnr6
MD5

07c858ed1fe8ee34db817fa6e9fc87f3
SHA1

5d22b7982a5ea8233cf18e20c57b3e90d90a48d6
SHA256

b04fb6a2bc53196885c36c1de64a717a47bd0c450f2948999c368cf489e9ffb8
SHA512

07e38d23692aa1a99153548572a261d9353abe1e85f5c4df25d3097eaed3e364f9b8eba89da29858b8f4c793b4fa9b45113a69f35ce1d4624dc9bba20a866568

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.supinapp.com/grv/

Decoy

morganofatlanta.com

vz473.com

hengetelt.com

bailcally.com

virtuosoonline.com

tenthousandli.com

ohanamascota.com

digi-plates.com

prismagtech.com

we-cinema.com

372680.com

smartautoexpert.xyz

mrxzg.com

apartment-brussels.com

reverseincubator.com

linkasean.com

yummicrabva.com

diguchaye.com

reaktorfatura.com

thecatsaysno.com

Targets

- Target
  
  doc359680138546284.pdf.exe
- Size
  
  368KB
- MD5
  
  07c858ed1fe8ee34db817fa6e9fc87f3
- SHA1
  
  5d22b7982a5ea8233cf18e20c57b3e90d90a48d6
- SHA256
  
  b04fb6a2bc53196885c36c1de64a717a47bd0c450f2948999c368cf489e9ffb8
- SHA512
  
  07e38d23692aa1a99153548572a261d9353abe1e85f5c4df25d3097eaed3e364f9b8eba89da29858b8f4c793b4fa9b45113a69f35ce1d4624dc9bba20a866568
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2