formbook

General

Target

2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
Size

737KB
Sample

220516-xgd85sehhj
MD5

38694cf4cf60fc8408f11b40e2e62338
SHA1

e42b57f70784715d37794ec05cc0da6ff356345c
SHA256

2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
SHA512

fdb9cc5ff5a872bc9f383d06582a726652b4a2ce491bc1482bcf6e1808950835d57144061ee68b73a917db660f8aaaa381d4e6dc1657e69e5dca4d32d7648657

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bnc

Decoy

iseoguide.com

rogerellisonline.com

thephonelenses.com

reddystone.com

explorehokianga.com

miaflcio.vote

baonihaochi.com

thewiseengineer.com

exciplexinc.com

luewaeeqaredre.com

atharvatechnologysolutions.com

vnsr1234.com

nationswines.com

toaglobalcc.com

texasbusrental.com

sailfishingcostarica.com

superbuy.today

mode-paradox.com

soperlz.xyz

filterdance.com

Targets

- Target
  
  2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
- Size
  
  737KB
- MD5
  
  38694cf4cf60fc8408f11b40e2e62338
- SHA1
  
  e42b57f70784715d37794ec05cc0da6ff356345c
- SHA256
  
  2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
- SHA512
  
  fdb9cc5ff5a872bc9f383d06582a726652b4a2ce491bc1482bcf6e1808950835d57144061ee68b73a917db660f8aaaa381d4e6dc1657e69e5dca4d32d7648657
Score

10^/10

formbook bnc rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2