formbook

General

Target

test_prog.exe
Size

184KB
Sample

210421-2t43ekev4e
MD5

010c67f8960f277321803f5b9072dde9
SHA1

5980cc8f60853f97ad4879a4109378051387e67d
SHA256

317b44cb1a42636529caa86b5d3caeaa3689e3b58f6a414406c5d022635a99a6
SHA512

821f700fb2e7d690c4d7a419aec8d367c83a48dffcd4443e823d99a47e23a5592c3fe810ff12a42810eb97261ec93a90a90a76e85c58a39475889ecb281562d5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.martinbrosenterprise.com/nyd/

Decoy

acpqpmq.icu

byonf.com

physicianco.com

wecare4therich.com

kenziesboutique.com

coachingfortransformation.co.uk

redenginegames.info

allindefi.xyz

hashflo.com

carnivalhotels.net

yogatrac.com

hotel-gasthof-neukirchen.com

ebn-lapak.com

xn--3iqa8101avze.com

sanimist.store

studentsafetysheild.store

themontalbanogroup.com

oyunhaberler.com

sportsbooksnv.com

yogiinthedistrict.com

Targets

- Target
  
  test_prog.exe
- Size
  
  184KB
- MD5
  
  010c67f8960f277321803f5b9072dde9
- SHA1
  
  5980cc8f60853f97ad4879a4109378051387e67d
- SHA256
  
  317b44cb1a42636529caa86b5d3caeaa3689e3b58f6a414406c5d022635a99a6
- SHA512
  
  821f700fb2e7d690c4d7a419aec8d367c83a48dffcd4443e823d99a47e23a5592c3fe810ff12a42810eb97261ec93a90a90a76e85c58a39475889ecb281562d5
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2