formbook

General

Target

1d41e32ebf12225fb2895aced3d60e9b
Size

566KB
Sample

211124-yvzmnsdegm
MD5

1d41e32ebf12225fb2895aced3d60e9b
SHA1

63e74fa4f23e99abd88ffd250c850636a0138e8f
SHA256

0626da1000aa221c4f0c47872a0f33eabff9d952bdca540c6e35083e8a0ffabe
SHA512

08fd2bd1ec90d3aec5e04c8d5b92af54beff557c03b7b27276b26ae86d833f038173945d248cb199bc0f05d0cdf9f1b2b25d211e351b12cb85bfe5232ef4eacb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  1d41e32ebf12225fb2895aced3d60e9b
- Size
  
  566KB
- MD5
  
  1d41e32ebf12225fb2895aced3d60e9b
- SHA1
  
  63e74fa4f23e99abd88ffd250c850636a0138e8f
- SHA256
  
  0626da1000aa221c4f0c47872a0f33eabff9d952bdca540c6e35083e8a0ffabe
- SHA512
  
  08fd2bd1ec90d3aec5e04c8d5b92af54beff557c03b7b27276b26ae86d833f038173945d248cb199bc0f05d0cdf9f1b2b25d211e351b12cb85bfe5232ef4eacb
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2