formbook

General

Target

PLM-QUOT-292MKV AST.lzh
Size

432KB
Sample

210910-l92z5ahhg4
MD5

34cf573a784ca27c172ac6ca209e17c6
SHA1

df0019e2575938dfd2387b083742960090c48219
SHA256

d4fb3556995ee659f550487a7eda98e7b422a0a6a8e4ba7f5777c7973cae312d
SHA512

0022598616f874b6b2f17496532c2bca30e10c394d838996362446309218a6ce45b96d9eadcb78b096d5624d4c097841c3ad3da317f8c346c8b68b92710d3c49

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  PLM-QUOT-292MKV AST.exe
- Size
  
  525KB
- MD5
  
  4d212e509348f56edb404d564a19d6b8
- SHA1
  
  59d3542f9e2f3e74078e837e5cba3d46d1414ad8
- SHA256
  
  3c74c617119a6ba48fd332b234183150245f1594acf80eb51935783d68d4f783
- SHA512
  
  89bf3a8a1232662245c6b4b96f69801027635f38b5de4099eb6c6fbffc944b38bb8e50362b586a10ae1c31b43f0565a62222b6c9bf6a9a8364d6d3c43645e463
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2