formbook

General

Target

RQ948594.7z
Size

222KB
Sample

210419-61f2zvdnps
MD5

eabbff01a266f118ef06865079ebbcba
SHA1

4f1db8d63534b8d5d6c3d1f1a8b76fe6d006298a
SHA256

ba4e4e4cb7e4141ffc7f58cf29a69524ba86c44daae525680d95ecb42135fbb3
SHA512

7441b7a2704baedaf4e27c858435de5da5f8abff4f3c317c5ae88c8e36bc63bcff659e7306c6c3c9067c57969a02836330582f9ca33674768106e536a6d822aa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.lorewe.ltd/gby/

Decoy

ubuntuhorizons.com

prohajek.com

onesky45.com

dztsjp.com

katarhukuk.com

nawanaconcept.com

sdsglebal.net

toxnewadmrykaa.com

a2zlables.com

linusandco.com

unshakeablemeproductions.com

dongfanghong.bet

0755mf.com

nhatviet.xyz

natieand.com

clases-online.com

anelacafe.com

mundodosvestidos.com

aug32.com

godrejmahalungehillside.com

Targets

- Target
  
  RQ948594.exe
- Size
  
  602KB
- MD5
  
  d350b00b989d0854c56fb660ecbea848
- SHA1
  
  ee23def09c2b0dee9d9c442f8a0b5d9da423494f
- SHA256
  
  98cab82db03aed20b3620d28466a63e2923e9b00a63cb76ac41727f1abd3813b
- SHA512
  
  876cd05054d068caf91707649fa9687b5089ae63ca43f3023e7fe34075d4117df2539359485f3f7cd7fec2869515b24635d4b3602b28e3e57e5d1d8de81835b4
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2