formbook

General

Target

Xerox Scan_07122020181109.exe
Size

548KB
Sample

210430-6rztnz8jrx
MD5

d32b16a8b624da8d210ed2df4f01a360
SHA1

92cc60c1ab97e7d0b4b5c9ff82c5e6b4bee26ee0
SHA256

e338687d4f9f5fe40129cd2def9a200b463f85e406b093b4334322bea48baa3a
SHA512

40c9c501ecb839e4c33d7a968a4759d5fa599a6da5e49f26f1f6f7d96c400bbef4db3de1b4f7e3c301a428ee5e1345c86df82b3f9a38cd48850c8a41b0b750f7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.monsunconsulting.com/gnf/

Decoy

phongthuythienan.website

andreaknightteacherauthor.com

lifeswatercolors.com

572215.com

kolm-polymers.com

turkishmarket.guru

jonnybravoarmory.com

wedatseasonings.com

worstdread.com

arisealf.com

gpsemployerservices.com

glorybit.com

purposeprowrestling.com

funlifecycle.com

bprattservices.com

pumpkinpundit.com

kustomhydraulics.com

accounteyei.com

visionagny.com

iddomum.com

Targets

- Target
  
  Xerox Scan_07122020181109.exe
- Size
  
  548KB
- MD5
  
  d32b16a8b624da8d210ed2df4f01a360
- SHA1
  
  92cc60c1ab97e7d0b4b5c9ff82c5e6b4bee26ee0
- SHA256
  
  e338687d4f9f5fe40129cd2def9a200b463f85e406b093b4334322bea48baa3a
- SHA512
  
  40c9c501ecb839e4c33d7a968a4759d5fa599a6da5e49f26f1f6f7d96c400bbef4db3de1b4f7e3c301a428ee5e1345c86df82b3f9a38cd48850c8a41b0b750f7
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2