formbook

General

Target

Shipment Document BL,INV and packing List.exe
Size

774KB
Sample

210510-gv6esw3696
MD5

8747be9af2688f83bdf089fe38fb722b
SHA1

abc42ff0d275b549d5ffe93986c32d663f762c7f
SHA256

d56c4c2f5d2fb1888a61723b99845f21742ab93794bc0fdcf146a67c33919e1f
SHA512

80e2b8e6365cdb513993a7194fc97b89bdd702a065edf7df6c8aadda623e578f721df2d45d2d9939f400eb05d9c401169152bcda89e2a213e93df1af7a77f2c1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.semenovdmitriik.club/bwk/

Decoy

alexrabus.com

education618.com

nelivo.com

gosanispire.com

cdaboozecruise.com

lovenfys.com

wellsleyarts.com

madcord.net

aadiventura.com

prideglobalholdings.com

tu-aviso.com

rjroof.com

upthehilldogwalking.com

ultraletefit.com

opinetree.com

retiredalsolovingit.com

oculensweb.com

laurartproductions.com

uncontenido.com

elisabethchin.com

Targets

- Target
  
  Shipment Document BL,INV and packing List.exe
- Size
  
  774KB
- MD5
  
  8747be9af2688f83bdf089fe38fb722b
- SHA1
  
  abc42ff0d275b549d5ffe93986c32d663f762c7f
- SHA256
  
  d56c4c2f5d2fb1888a61723b99845f21742ab93794bc0fdcf146a67c33919e1f
- SHA512
  
  80e2b8e6365cdb513993a7194fc97b89bdd702a065edf7df6c8aadda623e578f721df2d45d2d9939f400eb05d9c401169152bcda89e2a213e93df1af7a77f2c1
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2