formbook

General

Target

pending orders0308 D2101002610 pdf.exe
Size

1.0MB
Sample

210421-c612rgl6ej
MD5

346fb2689c7f90207ce5df0b60be8b14
SHA1

3eee0df26d21393485821a95c2beffc8797d090b
SHA256

6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a
SHA512

9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.gloomyca.com/chue/

Decoy

hairdewproducts.com

whssboys.net

visual-promotions.com

alsgotyaexteriorcleaning.com

conwayconsultant.com

sjlartistrydesign.info

organicroomservice.com

elatedscents.com

selfauthering.com

variablemonsters.com

thedietcop.com

openhouseshamptonroads.com

tyrantthemes.com

trumppowercatamarans.com

yznx.xyz

jshfoodpantry.com

larmealoeil.com

biztradelines.com

axawinterthur.sucks

inspiredtravels.net

Targets

- Target
  
  pending orders0308 D2101002610 pdf.exe
- Size
  
  1.0MB
- MD5
  
  346fb2689c7f90207ce5df0b60be8b14
- SHA1
  
  3eee0df26d21393485821a95c2beffc8797d090b
- SHA256
  
  6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a
- SHA512
  
  9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2