formbook

General

Target

4743974023757824.zip
Size

432KB
Sample

210727-bxg37s5at2
MD5

ac297091520805a722b888b04eb297c0
SHA1

80a5c5165b2d2a5750ff9c5bc5ee94e35190b432
SHA256

147b79677b2a39e7e1b4691e4e8867444253e977813ecc4b49b56af43cfb3433
SHA512

326a8ddd3c38609d6a6df85d7b74d40bdde9b44eb92fc5327879489d84883f108118310c7ccead4bd3b54b49b69ccf23540c085dfb56fb82acb7e0d7e747a936

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.sportsbooksil.com/css/

Decoy

small-business-credit.com

waypsy.com

azerni.com

netzafe.com

crceg-eldjazair.com

minitruckwiki.com

lensdemy.com

cognitivecorridors.com

foxredart.com

m-groove.com

delevateagency.com

franklyspeakingtheword.com

iplleatheraccessories.com

print-and-ink.com

callpine.com

grydomarmy.com

washfoldndelivery.com

tarapharm.com

adairepalmer.com

jilbabsanaya.com

Targets

- Target
  
  KNNBHBL43590303005084SOB07Dec20TXL15Feb21/KNNBHBL43590303005084SOB07Dec20TXL15Feb21.exe
- Size
  
  542KB
- MD5
  
  71b8954c01a98f7f9efcd86388cab318
- SHA1
  
  fac366fa3660e1db0dfa2473fc805444bbfbb1f5
- SHA256
  
  af4150ab77918813e1f16480bac0fae2c80f0d77e7c205da5dc7220c08095890
- SHA512
  
  e0a346cd1f643dfe4af6d004aea39c68cdcbfe692cb205352c8be00f1f95324386f43e420b36057eda9ee1f97e9d2cec0dfd2c20afde106e1260ad45adca551e
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2