formbook

General

Target

0282fb6d3422cdebf88ba2d9ce0831af.exe
Size

751KB
Sample

210506-kcrre6v3zx
MD5

0282fb6d3422cdebf88ba2d9ce0831af
SHA1

f0c80f1d6ace27df947df38aae7b11ed4b6d7144
SHA256

4fb3bfa3afd4fd027aff55a6cbbc8c3d92fb5dd84bca9d88ff893928a41b9a0a
SHA512

ab8df1a2b5feb03c0df351a215d6e9bb16c3b92853aab0fe7c96308fa94e1eefc362a23cff5e61da2a3e93f28e44a9954b23e363ff6dbc72ac90da95c5f8e6de

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.projectx-dev.net/hci/

Decoy

0357shop.com

cinargenerator.com

freshwes.com

dance-pods.com

cptinsano.com

animaltales1.com

ridernationusa.com

christophergagnon.com

bzjp.icu

culturefap.com

illustrationtees.com

handwritingwork.com

thebullrunranch.com

wujingli.com

wifihouten.online

okavagegroup.com

makaladiggsfitness.com

ruvapy.com

customergirl.com

guangzhoushujukuzxtftf.com

Targets

- Target
  
  0282fb6d3422cdebf88ba2d9ce0831af.exe
- Size
  
  751KB
- MD5
  
  0282fb6d3422cdebf88ba2d9ce0831af
- SHA1
  
  f0c80f1d6ace27df947df38aae7b11ed4b6d7144
- SHA256
  
  4fb3bfa3afd4fd027aff55a6cbbc8c3d92fb5dd84bca9d88ff893928a41b9a0a
- SHA512
  
  ab8df1a2b5feb03c0df351a215d6e9bb16c3b92853aab0fe7c96308fa94e1eefc362a23cff5e61da2a3e93f28e44a9954b23e363ff6dbc72ac90da95c5f8e6de
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2