formbook

General

Target

Amended SO of 2000KVA400KVA.lzh
Size

569KB
Sample

210922-ppgp8sceh6
MD5

b74c4168222ae27a7cf68fc783f440f5
SHA1

037062095ea8f0bda86f5affa083c3b3e6a203cb
SHA256

90086266feb549b0e4cd0a96a2ed5752ace95ba47bb15479cdf1e7e4fdbfeb2f
SHA512

648fa7877274ca0864ea75d6fc7a36e40d3b30b3dace2b8d823808b65f8ad8f2d4d4321b606fb9924bbf86281c43dc9f5992438624ecb946c1a648c46c89283f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.iselotech.com/ergs/

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  Amended SO of 2000KVA400KVA.exe
- Size
  
  749KB
- MD5
  
  55552a34489fa2cf62cac5667e17cd45
- SHA1
  
  0292df2a71fbeed972ad72e29d42c4fd71469372
- SHA256
  
  410659d6e76a955d58e88df12ffea3550a57758513630f051c6e66caa343fdad
- SHA512
  
  5c22f59cb3819ab0230043bb27de9c134872c316a998e1e08d1bb3653f00310327b821dea128ee021fcbb4a6ee1e33fdc539606c5a13f7099977808be575ecae
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2