formbook

General

Target

doc0490192021092110294.exe
Size

478KB
Sample

210924-jqzdsagcg3
MD5

f22b3511efd4b6bb233ac4e30170b997
SHA1

98060cb83afb98719af740abd07b0f413dc75530
SHA256

6fd5dbec01eb7f767fc3b4046d9aa50f80e50f5ab9439480efb87620faef473c
SHA512

f86eed36dc05d7f49d744461f73ce03b6906ae6e3571cfb624d0a9d7a91062f0dcdc13201b6c6ebc1116f4853a868308082a5dd8dcccec8b2fdeeb37a9962329

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.iselotech.com/ergs/

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  doc0490192021092110294.exe
- Size
  
  478KB
- MD5
  
  f22b3511efd4b6bb233ac4e30170b997
- SHA1
  
  98060cb83afb98719af740abd07b0f413dc75530
- SHA256
  
  6fd5dbec01eb7f767fc3b4046d9aa50f80e50f5ab9439480efb87620faef473c
- SHA512
  
  f86eed36dc05d7f49d744461f73ce03b6906ae6e3571cfb624d0a9d7a91062f0dcdc13201b6c6ebc1116f4853a868308082a5dd8dcccec8b2fdeeb37a9962329
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2