formbook

General

Target

397ba9cec424917d80168f055586a562da66a6d36653517e4922656120e9f453
Size

300KB
Sample

220521-pmp9laagfj
MD5

f7e768a9e9a1136011838ab646ec9935
SHA1

580570b6f55cf5adbf3a6a33023179af63ca559e
SHA256

397ba9cec424917d80168f055586a562da66a6d36653517e4922656120e9f453
SHA512

a74a54436ca927318f07d8aaae94d7cb279477be5d8e1212718bcc9c78ca1d2aea5ee2fbec8ee3561a49392f0b085fa56eec3d5aa94b3c655229c25d55d5654a

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dty

Decoy

ceocareers.cloud

kingstongrabhire.com

indiabullsdhanny.biz

sportpnw.com

sandravidente.com

mackandmosonthepark.net

rhetornic.com

mauritiustaxirental.com

mortsswitchgrettklet.win

hospitalityquote.com

somefrequentbl.info

neirongxiu.com

aatacticaldefense.com

bestpersonalitycoach.com

vintagesoulscatteringatsea.com

xn--praxisflchen-ncb.net

jacksweatercompany.com

www319234.com

matrixpedconstruction.com

jemjom.com

Targets

- Target
  
  invoice.exe
- Size
  
  339KB
- MD5
  
  8f76d465d04393a7e53d7ac84bc7a73f
- SHA1
  
  d904130c434417ea57d2d4198743231aad25118c
- SHA256
  
  fa355139bfaa9fcf4324154194f2cb280899be4863fd278c7b06440d84a14d39
- SHA512
  
  1b3946e09684f0c6b7980546776164bc785e0e6e443e554360dc2f81fa38186a5a4487de928ffd8d1d12175d3b742c69501d73972b8c61c08d442267b8c3e4e9
Score

10^/10

formbook dty rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2