formbook

General

Target

SecuriteInfo.com.Trojan.PackedNET.953.13414.21329
Size

658KB
Sample

210728-nvv7gsg9y6
MD5

7fe8c41bb1d7824a3d85eccb9dd59a14
SHA1

c91f48bf0b3a56b4b8a8179a7d24aaeaa73d5765
SHA256

eac598331e98c72219bd9f7fbc5754288aaa0236cd27d09bce81a182503ac7ea
SHA512

fcb66c54fc6b9c2bba0d20f11f22d1ee9b0b3894801e67607b2cc781637c348e06ef83d2a9752727d9df58312eef70e2dedcded4eea006573d332620f3862de9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.santanabeautycares.com/gmtr/

Decoy

kocnetelgroup.com

william-and-alexandra.com

overseasdata.com

the-wild-wild-east.com

analistaweb.net

hybridkarts.com

secure-apple-ld.com

semjasessprx.com

ahaa.store

9maskgame.online

bellydancer-cicycai.com

qy35tc.com

immopix.net

catarinayamamoto.com

binvestcrm.com

mycsource.com

cookedonpropane.net

melmorg.com

mattkalita.com

animalkitchen.net

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.953.13414.21329
- Size
  
  658KB
- MD5
  
  7fe8c41bb1d7824a3d85eccb9dd59a14
- SHA1
  
  c91f48bf0b3a56b4b8a8179a7d24aaeaa73d5765
- SHA256
  
  eac598331e98c72219bd9f7fbc5754288aaa0236cd27d09bce81a182503ac7ea
- SHA512
  
  fcb66c54fc6b9c2bba0d20f11f22d1ee9b0b3894801e67607b2cc781637c348e06ef83d2a9752727d9df58312eef70e2dedcded4eea006573d332620f3862de9
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2