formbook

General

Target

a183768631f68d124acdc41ae7f952ae
Size

367KB
Sample

211112-ndp2ssdcf8
MD5

a183768631f68d124acdc41ae7f952ae
SHA1

d2ce1c1c2fafa37c77f532b91a342f37e3da8fd0
SHA256

4bde2d0abed748c6fb8620ab890cbb09fa5749c4ef749e8cd5c6c7dd40cfd37b
SHA512

040290df669394070eebf180f712bb574e10289afe0649852b13ade24c26c0d84c68d2b6c27d09d6b71e3818280c00da0b6b6e03097c193b13a70e490802e5c8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site

Targets

- Target
  
  a183768631f68d124acdc41ae7f952ae
- Size
  
  367KB
- MD5
  
  a183768631f68d124acdc41ae7f952ae
- SHA1
  
  d2ce1c1c2fafa37c77f532b91a342f37e3da8fd0
- SHA256
  
  4bde2d0abed748c6fb8620ab890cbb09fa5749c4ef749e8cd5c6c7dd40cfd37b
- SHA512
  
  040290df669394070eebf180f712bb574e10289afe0649852b13ade24c26c0d84c68d2b6c27d09d6b71e3818280c00da0b6b6e03097c193b13a70e490802e5c8
Score

10^/10

formbook 9gr5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2