formbook

General

Target

41e06e82e75e4ef9e8ea586e80ee24f3
Size

470KB
Sample

211123-l98snsche4
MD5

41e06e82e75e4ef9e8ea586e80ee24f3
SHA1

ea318f7e4d8144468397ff13a6e09940357914b6
SHA256

ceae18ab6ce271c2a6530479958c0ce5c5330988de8d93eefb7b4700ba22f22e
SHA512

d4318543e059f2f433496ed49b57c41b0523a0e7d03d9597898e275f07da9e5639fe75f87978f44209e49d3cd659031d46b2a3b86a678de507a3e3731a267627

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

Targets

- Target
  
  41e06e82e75e4ef9e8ea586e80ee24f3
- Size
  
  470KB
- MD5
  
  41e06e82e75e4ef9e8ea586e80ee24f3
- SHA1
  
  ea318f7e4d8144468397ff13a6e09940357914b6
- SHA256
  
  ceae18ab6ce271c2a6530479958c0ce5c5330988de8d93eefb7b4700ba22f22e
- SHA512
  
  d4318543e059f2f433496ed49b57c41b0523a0e7d03d9597898e275f07da9e5639fe75f87978f44209e49d3cd659031d46b2a3b86a678de507a3e3731a267627
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2