formbook

General

Target

PO#6275473, Shipping.r00
Size

528KB
Sample

210510-3zm6nt67qx
MD5

370813b3c983de5d28427287c9831642
SHA1

5d68ef34ddcd0a1a2259d6f8ed95b80ce145e47a
SHA256

6ea0a9b8e93a62155f9d7e179c35dea54c6404d455d584976a7e3041668c53ab
SHA512

440d474ccd285165e19c4a2004f49a41f9a9c6df342a0ed6b61ae923c1fa9fa921d4251f32c136078122b524af4222bfe2d85a10a92068221a5b4bd7f8df8451

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy

anemone-vintage.com

ironcitytools.com

joshandmatthew.com

breathtakingscenery.photos

karabakh-terror.com

micahelgall.com

entretiendesterrasses.com

mhgholdings.com

blewm.com

sidewalknotary.com

ytrs-elec.com

danhpham.com

ma21cle2henz.xyz

lotusforlease.com

shipleyphotoandfilm.com

bulktool.xyz

ouedzmala.com

yichengvpr.com

connectmygames.com

chjcsc.com

Targets

- Target
  
  PO#6275473, Shipping.exe
- Size
  
  665KB
- MD5
  
  cb78b28dea109d0e11a05934e02cf9d8
- SHA1
  
  caab11bc17589dc8d20805070d1e343d60192751
- SHA256
  
  5f05f0816898db3798aaa6722cfbd0f625a0eac271b72d0b8c295fa056dff733
- SHA512
  
  8b53f9c263efd1c2ef9011de1112deac3d15d7d31cdf4061f2cca19a4a713bca873d6f0ee0778d3a7eafbbe62a23e891dea8668164f2e9d20645f0aed3a8abaa
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2