formbook

General

Target

Amended SO of 2000KVA400KVA.exe
Size

749KB
Sample

210922-qag8wscfd3
MD5

55552a34489fa2cf62cac5667e17cd45
SHA1

0292df2a71fbeed972ad72e29d42c4fd71469372
SHA256

410659d6e76a955d58e88df12ffea3550a57758513630f051c6e66caa343fdad
SHA512

5c22f59cb3819ab0230043bb27de9c134872c316a998e1e08d1bb3653f00310327b821dea128ee021fcbb4a6ee1e33fdc539606c5a13f7099977808be575ecae

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.iselotech.com/ergs/

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  Amended SO of 2000KVA400KVA.exe
- Size
  
  749KB
- MD5
  
  55552a34489fa2cf62cac5667e17cd45
- SHA1
  
  0292df2a71fbeed972ad72e29d42c4fd71469372
- SHA256
  
  410659d6e76a955d58e88df12ffea3550a57758513630f051c6e66caa343fdad
- SHA512
  
  5c22f59cb3819ab0230043bb27de9c134872c316a998e1e08d1bb3653f00310327b821dea128ee021fcbb4a6ee1e33fdc539606c5a13f7099977808be575ecae
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2