formbook

General

Target

Lettera di restituzione per Siberia LLC.jpeg.exe
Size

893KB
Sample

211004-lbcbtagae7
MD5

6e2732d297f1666f6c9eed9de730c39e
SHA1

54df8b2dc7352b75dd09103f2a399fde314e4e53
SHA256

a93b39035f5ae1ace569c25759239f8c0361bf2462cb22f2a780c14de2821fe4
SHA512

0ea8f7a145129ba54132b4833952b66783ade6d28cf9f551800018de6b946e661f7c903405e22136acd037335f43ae8668fd27a3419985f3f932e50b8e6d86d8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

C2

http://www.kmresults.com/n7ak/

Decoy

modischoolcbse.com

theneverwinter.com

rszkjx-vps-hosting.website

fnihil.com

1pbet.com

nnowzscorrez.com

uaotgvjl.icu

starmapsqatar.com

ekisilani.com

extradeepsheets.com

jam-nins.com

buranly.com

orixentertainment.com

rawtech.energy

myol.guru

utex.club

jiapie.com

wowig.store

wweidlyyl.com

systaskautomation.com

Targets

- Target
  
  Lettera di restituzione per Siberia LLC.jpeg.exe
- Size
  
  893KB
- MD5
  
  6e2732d297f1666f6c9eed9de730c39e
- SHA1
  
  54df8b2dc7352b75dd09103f2a399fde314e4e53
- SHA256
  
  a93b39035f5ae1ace569c25759239f8c0361bf2462cb22f2a780c14de2821fe4
- SHA512
  
  0ea8f7a145129ba54132b4833952b66783ade6d28cf9f551800018de6b946e661f7c903405e22136acd037335f43ae8668fd27a3419985f3f932e50b8e6d86d8
Score

10^/10

formbook n7ak rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2