formbook

General

Target

COSU6310547380BC.PDF.lzh
Size

597KB
Sample

210909-rp5s6sgce7
MD5

1e69e605afbbfa78fa9c4f0ba012ab6f
SHA1

ee28f4fd4cf83176a95d3cc1e32c045b3f2d6de3
SHA256

1e2f8ed0debad6a48bfaee2802a1e737a0afeeb4fb672a5f8d9628b4e3e1f9df
SHA512

c1707b24db4253e4373e77108c6eed40c4a54eafbda71f9db66259c9c43fd7465ccb43f02c1b216ec7f7bc1cc40eb3430841e99bdd9911cd365b4a1742de523b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  COSU6310547380BC.PDF.exe
- Size
  
  959KB
- MD5
  
  031b19f1f116244a1b5f1f29b59f9dfa
- SHA1
  
  f735b258c06129b0c52d58be23a2a0f1729ace90
- SHA256
  
  0cdbab37f443dbdc7fb7aecc5e0b8dfb7b25b7d665397194bb8a137e9b01d44f
- SHA512
  
  1f6b1a208e42e64a26f242eb77c63779fe637dd48acdf4ba0c9c2931be587d1c91569938a31c15a24dc945e6880a550ab2db494785d35a643bf37ac9f6bab16e
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2