formbook

General

Target

9DWvynenEDJ11fY.exe
Size

772KB
Sample

210503-1t5e45y38a
MD5

1b102c40bbd04472fab01210b70d427e
SHA1

62d5b8647576f7310743295a295c317e8c9719c7
SHA256

d10d943f98bc02f7734f1d61d9b85a0088a3b58886d952e730985861f4e646b6
SHA512

e30ad6963c8735c95fe8b8ffd9b011f50cd28f121d5cd9dd2e584c9b9b767e9a96fcd50dca34bdb0bb6d414da4496035fb5288518111e1bab75941f37cbdcfdb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.unknowndjteam.com/hsd/

Decoy

yishi43.com

riseinitiativellc.com

allproparsking.com

janainalimashop.com

artkozijnen.com

1368e.com

gzshengxian.com

tap2.credit

toddmalligan.com

anastasiageorgiou.com

danielamorrowlaw.com

asahipacific.com

quizseeker.com

fayval-williams.com

dreamcatcherrally.com

nuaxbannk.com

presentationmagic.online

signcargo.com

kittyforcupertino.com

danarett.com

Targets

- Target
  
  9DWvynenEDJ11fY.exe
- Size
  
  772KB
- MD5
  
  1b102c40bbd04472fab01210b70d427e
- SHA1
  
  62d5b8647576f7310743295a295c317e8c9719c7
- SHA256
  
  d10d943f98bc02f7734f1d61d9b85a0088a3b58886d952e730985861f4e646b6
- SHA512
  
  e30ad6963c8735c95fe8b8ffd9b011f50cd28f121d5cd9dd2e584c9b9b767e9a96fcd50dca34bdb0bb6d414da4496035fb5288518111e1bab75941f37cbdcfdb
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2