formbook

General

Target

PO Pedido de consulta RFQ1120020211001.zip
Size

459KB
Sample

211001-yzlxdadbc7
MD5

90c9aa2da59bd71b05ee0ca93a76d6f2
SHA1

21a9415d5769d09d87b2998be2694e39c23cb92d
SHA256

e70dfa0994d067391727cf53a60a5ca1b31c38b110047b5fb7bc424c28cf3da2
SHA512

e3a54b157b7da70215e6de747ae118287baf71f6d81637d2a0231a31bef2852af57e230de533962312abd44c911262abc455aa51ae488dfd46772990f7ebbfc2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

C2

http://www.livelifevibrantcourse.com/s3dy/

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

- Target
  
  PO Pedido de consulta RFQ1120020211001.exe
- Size
  
  634KB
- MD5
  
  5b15b475681f29f6819194e1dbe189c3
- SHA1
  
  20fe2955ab3f46646d0ad3e73ed7527fc73302a4
- SHA256
  
  bd838c03d3ec42b59246427e17f5421d564148e902e190e94c1673f0a89bf473
- SHA512
  
  afb22234aadc7ec1c44a7691eb78b47897d28ef4c6fd1725312e250dcbc6518ad8203f759980592f9ea218499702219a39d4b86f5050d24c9044e5f2e07c881a
Score

10^/10

formbook s3dy rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2