formbook

General

Target

e26a74c3a4ed07700a690e1763ea18b8.exe
Size

587KB
Sample

211011-xdh3xshhd5
MD5

e26a74c3a4ed07700a690e1763ea18b8
SHA1

02b7b6075564632a4671ea51bf1a1a0a2bfc8200
SHA256

76cd5f994be53f3f24e2b2018263b9ab582e84870ee8d24f38c6d11adae3688c
SHA512

866a172834804e71ab75636e081677107efedd120b480aa2e28a74e51214a8e3b422689c6a044ccaafd4177cbeace2fc89be118992bd5ec4b6680528704e9701

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ed9s

C2

http://www.vaughnmethod.com/ed9s/

Decoy

pocketoptioniraq.com

merabestsolutions.com

atelectronics.site

fuxueshi.net

infinitystay.com

forensicconcept.site

txpmachine.com

masterwhs.xyz

dia-gnwsis.art

fulltiltnodes.com

bigbnbbsc.com

formation-figma.com

bonanacroin.net

medicalmarijuanasatx.com

bagnavy.com

aaegiscares.net

presentationpublicschool.com

bestyousite.site

prescriptionn.com

beyondthenormbouquets.com

Targets

- Target
  
  e26a74c3a4ed07700a690e1763ea18b8.exe
- Size
  
  587KB
- MD5
  
  e26a74c3a4ed07700a690e1763ea18b8
- SHA1
  
  02b7b6075564632a4671ea51bf1a1a0a2bfc8200
- SHA256
  
  76cd5f994be53f3f24e2b2018263b9ab582e84870ee8d24f38c6d11adae3688c
- SHA512
  
  866a172834804e71ab75636e081677107efedd120b480aa2e28a74e51214a8e3b422689c6a044ccaafd4177cbeace2fc89be118992bd5ec4b6680528704e9701
Score

10^/10

formbook ed9s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2