formbook

General

Target

pfr 80954820021.lzh
Size

430KB
Sample

210909-gcar6affa7
MD5

114ec52b0359ebf958ec3555c98d02c2
SHA1

e62780f6e09824c7f7024d9b5fab11ff9a583356
SHA256

d30cbac4a7e4d4d0376a9b64239a9da93fffcfe2ac222a74418be5b3f09d2834
SHA512

7437eeebf3df1741ca0a94eaed7c33d1a50e4d68b040e9ad5b9e6caee206288df2e2549687246a3a4f7e301e3bba6db8b738f426e8377c7022338da2a9224d46

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  pfr 80954820021.exe
- Size
  
  702KB
- MD5
  
  a59ac7b2bcf00d4d15a9a010d56139b0
- SHA1
  
  09e4feef7b72c18b90b589f0d3f7f4fccba1664c
- SHA256
  
  83b3d86539fd63f97b860e86c3e61b4e2c64dc1ff2936566d5bda292ab6e478d
- SHA512
  
  a97e111d09fc0319552101ce3aa3e20e7e20e8ca6bfd2e0a51191bb15de98b0cd323f845382dea87a370433e9608e01c70c5edb20a657963c708134cc6136248
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2