formbook

General

Target

DO854.exe
Size

720KB
Sample

211015-hmjngsafc8
MD5

bcb6b1075cf6afcf43d06046b3c9ee3e
SHA1

0062dbb25b586cd8e20cc79e309c1087ea6f055f
SHA256

a9ab19b5e80ce04548b75d379c494d3113f71dfa81afaf23b512e7ee23ef6667
SHA512

f088debbb62d3d07f0e0f186849de585ccc9f4ebff3402b98c0a473c0a23a4da635d3b0a592c88c2dc3b65896ecf0b5b40886576720110d50f37f074f867c2a6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fzsg

C2

http://www.grouplmc.com/fzsg/

Decoy

thewetpatch.wtf

oceanfrontrecords.com

ultimatemecha.com

domainnameshq.com

schieksrvservice.com

bedandbreakfastitalia.cloud

rfmlc.com

hightechvids.com

greenvilledermotolgy.com

psilocybinforu.com

xjkerwen.com

euro-d-rev.com

shans-online.com

masterofcrypto.com

gamodaitaliana.online

lavivabet217.com

femsol.online

qafyzey.site

kang17.xyz

kilimlove.com

Targets

- Target
  
  DO854.exe
- Size
  
  720KB
- MD5
  
  bcb6b1075cf6afcf43d06046b3c9ee3e
- SHA1
  
  0062dbb25b586cd8e20cc79e309c1087ea6f055f
- SHA256
  
  a9ab19b5e80ce04548b75d379c494d3113f71dfa81afaf23b512e7ee23ef6667
- SHA512
  
  f088debbb62d3d07f0e0f186849de585ccc9f4ebff3402b98c0a473c0a23a4da635d3b0a592c88c2dc3b65896ecf0b5b40886576720110d50f37f074f867c2a6
Score

10^/10

formbook fzsg agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2