formbook

General

Target

4917704008040448.zip
Size

450KB
Sample

210727-r1335ekq4s
MD5

24624bc85d34b5fa03ec40a36573f87a
SHA1

32732f0f8cec3b9f54aec8d50534aab6eea46eda
SHA256

dbabe793c3c52715587a80d2d5ab900cb3908465873809c244ac926114c17194
SHA512

e22a707a410f79fb8bb953c2b7654f402b151409a213d114094853863042973c476fcb825c1ebdd503324d2667cb8acde280d3b8d3c0e13031f631d0f372d1d2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.orchardviewbostons.com/g65/

Decoy

axsnaplp.icu

hmizat-khouribga.com

dishantnarang.com

ratchakarn.net

seatoskyphotos.com

emodel88.com

rajroyalepromoters.com

lzsfdnrm.com

premierpropertiesms.com

embodimentawareness.com

xn--q3ca0aaec3a1i6ah5eyf5a.com

yc8807.com

communitycouponbook.com

commercialbeach.com

elnurtic.com

edancesportradio.net

forcedir.com

zgzhzm.com

top-specials99.com

redwoodvisitor.com

Targets

- Target
  
  bdeac23022bd4b5499d23471e51d2c96c2048475f72da65a98064b551d3d72b9
- Size
  
  511KB
- MD5
  
  bacc243ec00ce90570cde50f458e1d1d
- SHA1
  
  bf6c61f77a8e79890f88c1fdb84e640f60a83b13
- SHA256
  
  bdeac23022bd4b5499d23471e51d2c96c2048475f72da65a98064b551d3d72b9
- SHA512
  
  607043ae17e0432f78bebe32b4e3ab88631795a8981c738c1fa61a721e3ef45f4da1a446482fb9ee39956cf39fc3cfe32b51c7853e7caffd63064290518d0155
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2