formbook

General

Target

9b08add787ee884a3e2a0953cc6447fe394a544971aa17746275d2aa5e13690f
Size

421KB
Sample

220520-2w2p7sgbc9
MD5

e9a020d57c46ccacf00d1c7537d5345b
SHA1

487a327510caed634937e8a18547418c5914dda3
SHA256

9b08add787ee884a3e2a0953cc6447fe394a544971aa17746275d2aa5e13690f
SHA512

0b1dfd911e0cbb0b584d879f3a17b42f5bb28f6df4c1444e6022057bea2afc3d28cf709b06bca68cc8badb870e82f0f9a2f2e857c82177b02a38a5591ffd06cc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

2177.ltd

thanxiety.com

max-width.com

fixti.net

mostmaj.com

mobilteknolojiuzmani.com

historyannals.com

wheelchairmotion.com

mossandmoonstonestudio.com

kastellifournis.com

axokey.net

peekl.com

metsteeshirt.com

abcfinancial-inc.com

btxrsp.com

amydh.com

ccoauthority.com

lumacorretora.com

kimfelixrealtor.com

iconext.biz

Targets

- Target
  
  Alpha 7763826639.exe
- Size
  
  496KB
- MD5
  
  9e3db9c40093f7a159827ab2a9de640e
- SHA1
  
  e9a5ae757342e4ac6d21bc0e33f0e703104dcf03
- SHA256
  
  31f02d35e3e941b42298936bd026b39a5d682825bc4b4277945f9f0143617931
- SHA512
  
  6a57ac5b688e2bc8a0a24230bdf60a3146216e54a986ba0c6083b400582e5f94ba6dcd14b95458f8a1bef53076ba32d74d663222e7e82600d454c720134adda1
Score

10^/10

formbook q5e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2