formbook

General

Target

Orden de producto.exe.xz
Size

289KB
Sample

210722-g8v6sqqx66
MD5

9d8686decab42f0ffe107155abcfc92f
SHA1

f989f7f6030a0e3a91fba2f67ff22ed3fd5dfd7f
SHA256

a1c60c2eb2ca693b6350c869577d495f8e63dbdbb5df054f0b0c12511b449f4e
SHA512

c44fe3a1d73d49eeca3424ade4aecef76ae94c3a0cab6f5581c7db7ba9c81b01219a0e9de0e1d2aee58f8d56df0741cb0673fa20d32de8379442727bd50400b9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.kmresults.com/n7ak/

Decoy

modischoolcbse.com

theneverwinter.com

rszkjx-vps-hosting.website

fnihil.com

1pbet.com

nnowzscorrez.com

uaotgvjl.icu

starmapsqatar.com

ekisilani.com

extradeepsheets.com

jam-nins.com

buranly.com

orixentertainment.com

rawtech.energy

myol.guru

utex.club

jiapie.com

wowig.store

wweidlyyl.com

systaskautomation.com

Targets

- Target
  
  Orden de producto.exe
- Size
  
  736KB
- MD5
  
  967d2dd88fe4a18a1593c5fb25da4a6e
- SHA1
  
  5295dbd3fd2d828e56d20741db9fbd84e809cfa7
- SHA256
  
  e324db0ece1d167afd6b4344e41ae12cd39bf5b87b774722c52b0408fe156ca1
- SHA512
  
  1e532896797738ad655c31c3be06d16453049d23bf7a78e08358ae41d45b2d5d2db02e5c8383334529faeb84040b7c59a668adcb22198b8f3fd6196a07f18ef6
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2