formbook

General

Target

27ffb11dd7fb0f497d6e43f07dc3678c
Size

638KB
Sample

211009-jptrxafber
MD5

27ffb11dd7fb0f497d6e43f07dc3678c
SHA1

ce5a7a2b9dddf5e3cdea4ac35eb698d1d7c556b1
SHA256

46ce2096cf4b2b0a2dfa386e25baa17078c270a469ae6704e36611fb7c67f908
SHA512

67f895848378672fcdaae89ad7cb230068aea043cf177397065167dffc750e4adbb75c87b1ac5fde8cc8c4cffb964fec7fe22492bc8422355faac44e4304df0a

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ed9s

C2

http://www.vaughnmethod.com/ed9s/

Decoy

pocketoptioniraq.com

merabestsolutions.com

atelectronics.site

fuxueshi.net

infinitystay.com

forensicconcept.site

txpmachine.com

masterwhs.xyz

dia-gnwsis.art

fulltiltnodes.com

bigbnbbsc.com

formation-figma.com

bonanacroin.net

medicalmarijuanasatx.com

bagnavy.com

aaegiscares.net

presentationpublicschool.com

bestyousite.site

prescriptionn.com

beyondthenormbouquets.com

Targets

- Target
  
  27ffb11dd7fb0f497d6e43f07dc3678c
- Size
  
  638KB
- MD5
  
  27ffb11dd7fb0f497d6e43f07dc3678c
- SHA1
  
  ce5a7a2b9dddf5e3cdea4ac35eb698d1d7c556b1
- SHA256
  
  46ce2096cf4b2b0a2dfa386e25baa17078c270a469ae6704e36611fb7c67f908
- SHA512
  
  67f895848378672fcdaae89ad7cb230068aea043cf177397065167dffc750e4adbb75c87b1ac5fde8cc8c4cffb964fec7fe22492bc8422355faac44e4304df0a
Score

10^/10

formbook ed9s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2