formbook

General

Target

77e9f5464c103f8fedf6ae500d87dd32
Size

654KB
Sample

210727-fncswjlq66
MD5

77e9f5464c103f8fedf6ae500d87dd32
SHA1

63ac44a904971f265decc404583bd3912c31cf02
SHA256

7b40c9c16df4b35ae04076a8afd38c4fe4bf5525bb388ea3871ec2371fa9e049
SHA512

4488ffcb12abd71d0e25ba10655085d5c876ea047a85cb8d02f1280442b998b85e3b8adadcd3a5e835b062fd27953fb05dc9a4c96e7f4cbe7869812a65fa2f6e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.yjhlgg.com/grve/

Decoy

jrvinganimalexterminator.com

smallsyalls.com

po1c3.com

mencg.com

aussieenjoyment.today

espace22.com

aanmelding-desk.info

gallopshoes.com

nftsexy.com

ricosdulcesmexicanos.com

riseswift.com

thechicthirty.com

matdcg.com

alternet.today

creativehuesdesigns.com

rjkcrafts.com

lowdosemortgage.com

adoptahamster.com

wellness-sense.com

jacardcapital.com

Targets

- Target
  
  77e9f5464c103f8fedf6ae500d87dd32
- Size
  
  654KB
- MD5
  
  77e9f5464c103f8fedf6ae500d87dd32
- SHA1
  
  63ac44a904971f265decc404583bd3912c31cf02
- SHA256
  
  7b40c9c16df4b35ae04076a8afd38c4fe4bf5525bb388ea3871ec2371fa9e049
- SHA512
  
  4488ffcb12abd71d0e25ba10655085d5c876ea047a85cb8d02f1280442b998b85e3b8adadcd3a5e835b062fd27953fb05dc9a4c96e7f4cbe7869812a65fa2f6e
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2