formbook

General

Target

88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
Size

886KB
Sample

220521-n4tsnsefb6
MD5

0bf971c91ce1997840caf20da0bcf262
SHA1

fcc1070b8cf0d27b26af1516c891ffd72060cdee
SHA256

88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
SHA512

19c9a94e0d5fece986e99d527dc2db65a78a0a6708f14be66fd65c46e9d3ce8d1a1186a4a93034cdfdea44516bc264fa337786cbcc5c69a40e73a0276a3d8d09

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

2cur

Decoy

canadarbc.com

chynnaman.com

towerofcards.com

rockyourgloryinc.com

mod-gen-gamer.men

peixunar.com

illinoisminutemanproject.com

jimcarreyfilmleri.com

holoidayinn.com

ledo52.party

exclusivegourmet.net

eventiedesideri.com

mybodydynamix.com

egeg.online

mylivechat.support

promedijob.com

goanadentalimplantok.live

hnau8h.com

edenproject-interior.com

datamoments.com

Targets

- Target
  
  88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
- Size
  
  886KB
- MD5
  
  0bf971c91ce1997840caf20da0bcf262
- SHA1
  
  fcc1070b8cf0d27b26af1516c891ffd72060cdee
- SHA256
  
  88efa753e46f6e0e87c67231482613c1145eb5ab7e43dbd17e19b1a9267b5896
- SHA512
  
  19c9a94e0d5fece986e99d527dc2db65a78a0a6708f14be66fd65c46e9d3ce8d1a1186a4a93034cdfdea44516bc264fa337786cbcc5c69a40e73a0276a3d8d09
Score

10^/10

formbook 2cur agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2