formbook

General

Target

SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134
Size

2.4MB
Sample

210505-6d5wcjq5nx
MD5

6da8e0e9d3f4d31afc310050825cea27
SHA1

47512cec2a0608c17b01e9fdf40776ec99743cf0
SHA256

9c9dfbf8c44bbe594498ebf93efd84fcf73d66d9c6d5b86e9979afe5e9e9330c
SHA512

bb45fadb068eb2e2aaec99c609ebd3256ac038a506a548085d24191d1d9a993d627c0791e190aef561344bcb1897511e90f4bac96707e5099d07ec218af8871b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.intelliedgeclinical.net/god/

Decoy

aprendiz.digital

baby-rosy.com

buzzstreetnews.com

restoredscore.com

fullbeingphysician.com

gameonaustralia.com

famdns.com

compassionatecare-llc.com

yureb.com

bike-abruzzo.com

hibiskuricity.site

hindusetu.com

searchingkitsapcountyhomes.com

trespal.com

forenvid.com

gangnamstationithacany.com

roshan-prime.com

fsmstudio.com

bilecikvinckiralama.com

cash4urhousekeys.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134
- Size
  
  2.4MB
- MD5
  
  6da8e0e9d3f4d31afc310050825cea27
- SHA1
  
  47512cec2a0608c17b01e9fdf40776ec99743cf0
- SHA256
  
  9c9dfbf8c44bbe594498ebf93efd84fcf73d66d9c6d5b86e9979afe5e9e9330c
- SHA512
  
  bb45fadb068eb2e2aaec99c609ebd3256ac038a506a548085d24191d1d9a993d627c0791e190aef561344bcb1897511e90f4bac96707e5099d07ec218af8871b
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2