formbook

General

Target

50fbb32e19376dbdaa70b686e34c4d03099f75fb77b2a3115bc8fd0214787cc0
Size

232KB
Sample

220521-bvf41acec5
MD5

094f55a9fbe9da10ccfe39d771b669c6
SHA1

1b89a2c748abb85454ecf589647214584d0ec8e6
SHA256

50fbb32e19376dbdaa70b686e34c4d03099f75fb77b2a3115bc8fd0214787cc0
SHA512

6da689719686ebadc896efe3da156151eaee4f331e2ebf732ec0a28e1506bcc84ba87683fbbb87e1266941bc4d030c38e00aac4ee95b2de8c95c9135b09add1d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fgf

Decoy

cat5irma.com

leadershiplakewood.info

flm1tr.biz

silverstarps.com

tzsbhy.net

disseny-web-lleida.net

cancellationofcontract.com

potentialanalysen.com

realinja.net

cateraggio.com

17017brookwooddrive.com

liberty-hope.net

northmnsword.com

500lombardy.com

roykossena.com

bowelral.com

hidiinvestmentgroup.com

urbarecords.net

404chianti.com

zimomor.com

Targets

- Target
  
  SwiftKNN.Scan.pdf..exe
- Size
  
  276KB
- MD5
  
  7bcdfd7515d9cc37332c3fbeb3b0608a
- SHA1
  
  ab3582590a8c05ba8534111dba46929829bcb15b
- SHA256
  
  61862048cd1b7848819b3123a47975b770d9358a24748631573b8aad4cacf039
- SHA512
  
  9d3a3093578f56a1ba16982a2f13c3d1aa9e58439e9dbc69b265b2c182b996c5c945c273d9606830f75a6294d5135b81ea2b11435643191a5f9c0c5b38791359
Score

10^/10

formbook fgf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2