formbook

General

Target

akon.exe
Size

756KB
Sample

210507-cqsrl8b7xe
MD5

0690de55a2a4081dd2ebc1f658bba4da
SHA1

e4952f3e5cb0c877c682678dbee181a8c737df28
SHA256

8bb3e6cace7598576464639d7f88d0c4d55919b2e110a341df89a1569ae0d5b7
SHA512

94576e743a774e30fbe40053d06c3d4ad8c4c2e421297bcae108a780713da45bf24487a541fbb1b706d0855a69d6883b68f2ec06be9bd2032e72a77d96ecf5c9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.merifalls.com/4kx/

Decoy

eufood.info

theprotestmatters.com

khauchakhajina.com

008usa-xxf.com

backriverroadsportsplex.com

shopalndrinks.com

necght.xyz

summaryborrow.info

mys518.com

shopapemodeapparel.com

christineroseartiste.com

rsw2226.com

ashes-of-creation.com

shamilalyadin.com

learning-synergy.com

sendstats.net

waverdemo.tech

dubestol.com

bolterbunny.com

beerciderrebattes.com

Targets

- Target
  
  akon.exe
- Size
  
  756KB
- MD5
  
  0690de55a2a4081dd2ebc1f658bba4da
- SHA1
  
  e4952f3e5cb0c877c682678dbee181a8c737df28
- SHA256
  
  8bb3e6cace7598576464639d7f88d0c4d55919b2e110a341df89a1569ae0d5b7
- SHA512
  
  94576e743a774e30fbe40053d06c3d4ad8c4c2e421297bcae108a780713da45bf24487a541fbb1b706d0855a69d6883b68f2ec06be9bd2032e72a77d96ecf5c9
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2