formbook

General

Target

Ministry of Health Kingdom of Bahrain.rar
Size

338KB
Sample

211014-sqw34ahhh8
MD5

9747a8c2dcbebf2c4d9ce40749e8dda4
SHA1

c474adec19333b76b838bce0be5d8d8ed39f94db
SHA256

d3f0200fcc0bce4cf561cb2755d6a16b4106465e1bd8d14a8b320f7a3708cac9
SHA512

b4d2db00d07a7c437633df33b326513b7265cfa1874668500e41b06cfc4765ab0489e0dce1b1d780404b5a18328067cf5eebdd94a2218d376bb0c3285be34a37

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey5a

C2

http://www.puwuved.xyz/ey5a/

Decoy

lygptkl.com

winsentrade.com

bluprintliving.com

yumohealth.com

cherryadulttoys.com

gianttigar.com

maxhutmacher.net

autostokyocorp.com

calvaryload.com

stixxiepix.com

j98152.com

starsky666.xyz

loadkicks.com

designauraspace.com

wwwfmcna.com

mikakonaitopsychologist.com

kristalsuaritma.com

kh180.com

kulturel.net

araveenapark.com

Targets

- Target
  
  Ministry of Health Kingdom of Bahrain.exe
- Size
  
  358KB
- MD5
  
  e1a110c51c33c12ee53679c40c954395
- SHA1
  
  361ca3b8600138c93a6cb8728ddefd7bb1be53ef
- SHA256
  
  ad4c2025f6a3741ba965e53a40e907b04dd1031c666e80d98afe6fd00c70239d
- SHA512
  
  8572c6c49eca57c0a89523df94c73eb65617687c4e89045633eeafb05f2844f6c14df7ef0e61fa05a1cae39d5fa664d8e206c6cccadcacc03d749a9b0caefdfb
Score

10^/10

formbook ey5a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2