formbook

General

Target

ded1197aa570850bc8885d3f4de9e056b9a585eeee5d511a9ee7b5c7432bdc50
Size

845KB
Sample

210506-h37lm42kea
MD5

0b39b28e51b4a0e47ebce7626cc9b79f
SHA1

8f3699a7fa6abeb247f80b92f3340df05741bd7e
SHA256

ded1197aa570850bc8885d3f4de9e056b9a585eeee5d511a9ee7b5c7432bdc50
SHA512

bebe1a1856bee0980491f742f52209fda9c64f0469f98c16098533b3b33648dd10c22c278f04f1e0db1c455385936de2d59690fe14f50031b964e54b33cb4ecc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.thefallofthedollar.com/ocq1/

Decoy

mukadderaltintas.com

consultant-gov.com

readingroom.center

secretflux.com

diversifica.online

outervagina.com

doylespiritwear.com

musicianonwheels.com

spencer-media.com

juunoo-nord.com

sonorista.com

narenacademy.com

672461.com

swimtrue.com

wingleefruitstore.com

sailgadabout.com

dislosureservices.com

maryaab-lpc.com

thepoojastore.com

belaronconsulting.com

Targets

- Target
  
  ded1197aa570850bc8885d3f4de9e056b9a585eeee5d511a9ee7b5c7432bdc50
- Size
  
  845KB
- MD5
  
  0b39b28e51b4a0e47ebce7626cc9b79f
- SHA1
  
  8f3699a7fa6abeb247f80b92f3340df05741bd7e
- SHA256
  
  ded1197aa570850bc8885d3f4de9e056b9a585eeee5d511a9ee7b5c7432bdc50
- SHA512
  
  bebe1a1856bee0980491f742f52209fda9c64f0469f98c16098533b3b33648dd10c22c278f04f1e0db1c455385936de2d59690fe14f50031b964e54b33cb4ecc
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2