formbook

General

Target

ea7fd68474ee4b68b0efe56669644ad94474170ceca4f7aae769c0c06ac0ade2
Size

277KB
Sample

220521-prqe6afhc8
MD5

c98353615c05e518eef5042a50178c1b
SHA1

8ce0a86c9b979792a97d18af18c955046f73ee76
SHA256

ea7fd68474ee4b68b0efe56669644ad94474170ceca4f7aae769c0c06ac0ade2
SHA512

78bc19cc294a14c1ba88dbf71bcf8606e3c62a73081b7ffea491c8da5aa9e3e63d40af6f0b57fabe8d10ddcd5889092d98114b22292c56fc4a30a0397f4bef0f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

s5l

Decoy

greenstock.info

laurajaneaesthetics.com

817comm.com

dbprimery.com

slzu-vxtx9.biz

covetpro.com

50.ink

weick.email

88717888.com

tongyue0423.com

anchorsky.com

horapatarot.com

cadillacforless.com

primesupplyvintage.com

torchinstant.win

thebrandishere.com

www-69677.com

savestj.com

tommydad.com

xigjailbreak.com

Targets

- Target
  
  Doc10.exe
- Size
  
  508KB
- MD5
  
  a55491d76809f0c2ce2534145b58c2fb
- SHA1
  
  2ba489657ea9b82d76a5398f80bb31e2cfec6294
- SHA256
  
  d15344ff431c8df1a1de0618b7e0f4dfee59999eb7f26de6d462cc9c8e80a54a
- SHA512
  
  56e439f76b9b073e8b575accab64ca2d98c7a4de9a6c0df1d66247fdc2d3f3add250b1bc4a140bc06d72c2436be6e0766a64e4705386de06335539ba50ab9bb1
Score

10^/10

formbook s5l rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2