formbook

General

Target

56784137661c7e02c6c0e36b8fd217de
Size

650KB
Sample

210727-pcrs1ky1zj
MD5

56784137661c7e02c6c0e36b8fd217de
SHA1

5b5d6c51607a99af40889379e369f8ecb98f95b8
SHA256

7d65154a5dc05da45ebfe7b8a5bdb4858bf80812060257a5bde5d90ab12b23a6
SHA512

fbf7c67d3598b7e62ee9eb77cb6e190672fdd9e635f07752c46e7e815083a90a5927e9e0a5c22eac66f836916cdb2724ddc03b9fec3c402b5b073c225f0f026e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.surreal-myzrael.com/z7a/

Decoy

dotstories.xyz

egd-dz.com

caringhealthrecruit.com

transportdupont.com

teh-support.pro

catfad.com

pinewoodlakepool.net

pendekar-qq.info

duplicuty-garden.com

librtshop.com

stepmed.life

seatplusplus.com

bluzelle.money

weflew.xyz

bolaci.com

arrebatamentonews.com

sukesanblog.com

shadow-campaign.com

anpfiff.net

taste-of-poland.com

Targets

- Target
  
  56784137661c7e02c6c0e36b8fd217de
- Size
  
  650KB
- MD5
  
  56784137661c7e02c6c0e36b8fd217de
- SHA1
  
  5b5d6c51607a99af40889379e369f8ecb98f95b8
- SHA256
  
  7d65154a5dc05da45ebfe7b8a5bdb4858bf80812060257a5bde5d90ab12b23a6
- SHA512
  
  fbf7c67d3598b7e62ee9eb77cb6e190672fdd9e635f07752c46e7e815083a90a5927e9e0a5c22eac66f836916cdb2724ddc03b9fec3c402b5b073c225f0f026e
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2