formbook

General

Target

3ecdafd3c19efbfc4f06d5d2aefd02b8
Size

888KB
Sample

210706-wv99sq28c2
MD5

3ecdafd3c19efbfc4f06d5d2aefd02b8
SHA1

808ab748f5fee7b4f5b802a89b1e3ac44e47fdd1
SHA256

f198ab80b865300fc6721e506292ddbe21d18004daec3f567c53fd9e2d86dc7f
SHA512

99098adfaa9358d10ccd47b63631b0369fb8bdd4a95714c2611d2668e9aba20c3671bb42af59ec773470e1297f13d28ccf09d8280a3b2e1cdb9dbce920526523

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.hai96.com/lvno/

Decoy

pennilanecompany.com

doshjpft.icu

avolveathlete.com

infinixinfo.com

boforpresident.com

tepeyaccafe.com

psontour.com

bootyandbeauty.com

saisdgiveaway.com

pokebrostogo.com

pizzafromsky.com

cobroking.site

greisslerbox.com

twittletweet.com

xwbcm817.xyz

100hougong.com

fdn2018.com

bestrankedstuff.com

astralmotivations.com

gottagowalkies.com

Targets

- Target
  
  3ecdafd3c19efbfc4f06d5d2aefd02b8
- Size
  
  888KB
- MD5
  
  3ecdafd3c19efbfc4f06d5d2aefd02b8
- SHA1
  
  808ab748f5fee7b4f5b802a89b1e3ac44e47fdd1
- SHA256
  
  f198ab80b865300fc6721e506292ddbe21d18004daec3f567c53fd9e2d86dc7f
- SHA512
  
  99098adfaa9358d10ccd47b63631b0369fb8bdd4a95714c2611d2668e9aba20c3671bb42af59ec773470e1297f13d28ccf09d8280a3b2e1cdb9dbce920526523
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2