formbook

General

Target

6a0200a4316e595561f8527e3bcf27bc.exe
Size

925KB
Sample

210721-4c19fjwc7e
MD5

6a0200a4316e595561f8527e3bcf27bc
SHA1

4c356c914ccdf83b8c89b6a02a2c4a9391094763
SHA256

f8f02165547227a6692d503cf1203dcaf2d43b58219bb78cb0e42895f49a8121
SHA512

af3decd9eaf59e31462fce7cdf36335814151c6c512aa0248d0877c7addbfeccdb530f01a11de1fc47b6d8f5bd1dc506175d9c0d4fd67376cd06da5e89b90470

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.hometowncashbuyersgroup.com/kkt/

Decoy

inspirafutebol.com

customgiftshouston.com

mycreativelending.com

psplaystore.com

newlivingsolutionshop.com

dechefamsterdam.com

servicingl0ans.com

atsdholdings.com

manifestarz.com

sequenceanalytica.com

gethealthcaresmart.com

theartofsurprises.com

pirateequitypatrick.com

alliance-ce.com

wingrushusa.com

funtimespheres.com

solevux.com

antimasathya.com

profitexcavator.com

lankeboxshop.com

Targets

- Target
  
  6a0200a4316e595561f8527e3bcf27bc.exe
- Size
  
  925KB
- MD5
  
  6a0200a4316e595561f8527e3bcf27bc
- SHA1
  
  4c356c914ccdf83b8c89b6a02a2c4a9391094763
- SHA256
  
  f8f02165547227a6692d503cf1203dcaf2d43b58219bb78cb0e42895f49a8121
- SHA512
  
  af3decd9eaf59e31462fce7cdf36335814151c6c512aa0248d0877c7addbfeccdb530f01a11de1fc47b6d8f5bd1dc506175d9c0d4fd67376cd06da5e89b90470
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2