formbook

General

Target

1ecd71d02ab11060111ed4dc678704f5633c5a8cad23176dd9ca802942c0aa48
Size

303KB
Sample

220521-pnppfsahbr
MD5

5c08907166ca19747f7925d410bfe9bf
SHA1

8baf4ac014854e8ff87ae5e29df3fca682323dfb
SHA256

1ecd71d02ab11060111ed4dc678704f5633c5a8cad23176dd9ca802942c0aa48
SHA512

122e00d84bffb3a98edd7c2c11603aa780188938e2f87121f24fd32ebe6086afcad4ee70d61438fa4094d664e7a6106da477ba2d5473af60456de1539db9a8c7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c38r

Decoy

angleprotool.com

drilldownaccountancy.com

puur-bb.info

laptoprepairbrighton.net

mainstale.com

soketones.com

cohi.ltd

washntivow.com

datajagabon.online

solidlike.com

tapaznoncc.com

deadoralive.site

sharkapexdwal.com

tribun-news.com

67chain.com

paramorphous.net

chicagoxqa.com

301zaq.info

mansfieldpowdercoating.net

stopdizzy.com

Targets

- Target
  
  purchase list.exe
- Size
  
  342KB
- MD5
  
  d6f63695191aecfe9c2a83523e2dce38
- SHA1
  
  d68c0ab1f06ee7a8da74badc7d36f5ad619efb1b
- SHA256
  
  df745e4434b953ab404e59ef73608a9f3148fa7d629a28b7401c295efdf618b6
- SHA512
  
  1165bd682e1c508752a1facab8603283ed9104c360d35c09cae7991e0f6c69d1851d34c6392ddef55e52e4bf266104bf218ea002332fdb19f9763c92a8b41fa6
Score

10^/10

formbook c38r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2