formbook

General

Target

20210113432.exe
Size

1.0MB
Sample

210113-cp3c3an6mj
MD5

13dbc9c1c5a2811ecbee5f420c9c75b6
SHA1

6b01e540d3757944b61baa187159a908e170d5ae
SHA256

ba41656ca5e0e243cff9f6a536c43998a9dbc492f5e813a0022e84359b2e0ef8
SHA512

ae1414b91ba91a29575901ac0daf55aa937454b1afcd53d7d0c9461ca2b48d65bb1f3213ad23853987a40381a2f57be359fdbf7848ff57432b5e95ffd4cbcea1

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.southsideflooringcreations.com/dkk/

Decoy

goldenfarmm.com

miproper.com

theutahan.com

efeteenerji.com

wellfarehealth.com

setricoo.com

enjoyablephotobooths.com

semaindustrial.com

jennywet.com

jackhughesart.com

cantgetryte.com

searko.com

zxrxhuny.icu

exoticorganicwine.com

fordexplorerproblems.com

locationwebtv.net

elinvoimainenperhe.com

mundoclik.com

nouvellenormale.com

talasnakliyat.com

Targets

- Target
  
  20210113432.exe
- Size
  
  1.0MB
- MD5
  
  13dbc9c1c5a2811ecbee5f420c9c75b6
- SHA1
  
  6b01e540d3757944b61baa187159a908e170d5ae
- SHA256
  
  ba41656ca5e0e243cff9f6a536c43998a9dbc492f5e813a0022e84359b2e0ef8
- SHA512
  
  ae1414b91ba91a29575901ac0daf55aa937454b1afcd53d7d0c9461ca2b48d65bb1f3213ad23853987a40381a2f57be359fdbf7848ff57432b5e95ffd4cbcea1
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2