formbook

General

Target

Novi poredak. 09324314.exe
Size

713KB
Sample

210915-ytjj3abca4
MD5

f9b5b86eb4db654917c7e1ddbbe0d5c2
SHA1

75e95bf439fbf8d6f387467c6ac2eb82ee9d3d1d
SHA256

c839e1036e4c8c7568d66cfb7c269ab8ed8048f9fc5a89464d82572a6efc1c28
SHA512

1a2c8322f6caf829cf4b393f1dbf74ae11c19e2af111c6127f3593827392c85458da71bbffa7f63e5a03f347801c178a8f315ca5ce47ab0683b92a45e63e094e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Novi poredak. 09324314.exe
- Size
  
  713KB
- MD5
  
  f9b5b86eb4db654917c7e1ddbbe0d5c2
- SHA1
  
  75e95bf439fbf8d6f387467c6ac2eb82ee9d3d1d
- SHA256
  
  c839e1036e4c8c7568d66cfb7c269ab8ed8048f9fc5a89464d82572a6efc1c28
- SHA512
  
  1a2c8322f6caf829cf4b393f1dbf74ae11c19e2af111c6127f3593827392c85458da71bbffa7f63e5a03f347801c178a8f315ca5ce47ab0683b92a45e63e094e
Score

10^/10

formbook 3nop rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2