formbook

General

Target

Quotation_23642828687267892387.xls.exe
Size

710KB
Sample

210510-hfdxvkemmx
MD5

f0e2e2dbb34dbdecb3ce6a3a885e89d5
SHA1

f52c0691574ac454d5bbd50cfe470218b6ad906f
SHA256

ee913da4f5fe43bc6f2457ce36d9364d4b9f7a79adb71dab617ca1dfde879377
SHA512

c3c7e4ba5006551649fd9c18ea8ba6464917746546054205b2839c5ae2f31070d7e27682d7ce90aaf84063fe1fb6f1c756967e755b7d5f8fac54f86605e4f2c4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.angelgirlm.com/c7jh/

Decoy

melangearte.com

nuaphraka.com

sharongold.net

seriouslysimpledesigns.com

17mpacc.com

customwareperu.com

styleofbliss.com

myvardenafilok.com

anwarnews.net

therecruiterroute.net

wxgdds.com

bmgblve.com

hotel-montmartre.com

ujasiriisihawu.com

childs.farm

landscapesofcapital.com

carolecares.com

wesarzamin.com

yinleba.com

partnershrsolutions.com

Targets

- Target
  
  Quotation_23642828687267892387.xls.exe
- Size
  
  710KB
- MD5
  
  f0e2e2dbb34dbdecb3ce6a3a885e89d5
- SHA1
  
  f52c0691574ac454d5bbd50cfe470218b6ad906f
- SHA256
  
  ee913da4f5fe43bc6f2457ce36d9364d4b9f7a79adb71dab617ca1dfde879377
- SHA512
  
  c3c7e4ba5006551649fd9c18ea8ba6464917746546054205b2839c5ae2f31070d7e27682d7ce90aaf84063fe1fb6f1c756967e755b7d5f8fac54f86605e4f2c4
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2