formbook

General

Target

67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885
Size

304KB
Sample

220521-n65yqaegb2
MD5

72293d7f3388e92dfa00e476b930db31
SHA1

ae55ee58ef0c3f9b19680248101e3191fffa54d4
SHA256

67f4eca521110c92fd50115f70c88c01b2688f1dac4c31ce1aefc095a4e20885
SHA512

0622771d38ce90261c3d60d0cd3acd3470a99680498337673c790682dd6dc346f8aa03972b99a8b142a0037782466e34e89d310c09ed25c205513d2238f5d0ea

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tnk

Decoy

lafioletto.com

mgiuj.com

wolllafvixzies.win

wwwsbvip123.com

nadyaasnae.com

noticesinvoice2017.com

intercapati.com

tg8895.com

9245654874.com

lytsxc.info

rffuf3-liquidwebsites.com

verguet.com

peinturefleursetfemmes.com

xttmrama.com

cryptoinvestmentideas.com

kikumasacarparts.win

freeapk1.com

tasteofimagination.com

gxzyoa.com

cq-mingwei.com

Targets

- Target
  
  AWB-INV#4988376007345.pdf.exe
- Size
  
  395KB
- MD5
  
  b9df77bdf2d3823caecd22035929751f
- SHA1
  
  d0894da46ac7cb96210ed7b62a05da3e47837e90
- SHA256
  
  07d614e422ec5b2dbd4c0fbe9232bd0e06bc2e910bad7a6f8721eec2a2c608ae
- SHA512
  
  3dd0a4eb5a023439b9c883e9cb435e6fd564af775b099953b45d29fbe255261a2550f0e4d740960f8f7db6889ff854e451921e0c3381d0935314fb532655bc05
Score

10^/10

formbook tnk rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2