formbook

General

Target

663761b54a50098040c6a882fca010f0.exe
Size

510KB
Sample

220131-phstxshga4
MD5

663761b54a50098040c6a882fca010f0
SHA1

271781ac1b7af0ef538fc37510add12cbef3253d
SHA256

3090eb9593159bb7832f0d55b935396e585d8095b4c7c5f07922848a41a20d70
SHA512

e642c9877e6487898d4d9bdc6283d7a7e4902c4a72a94ca25051d8c7f3e00b165258f96a8295df021aacd28fe959c71725a1beb4215022fcc5e88315c087bdba

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qugo

Decoy

sathapornstainlesssteel.com

everythingisaninvestment.com

appsbyraf.com

superhornygirl.club

christmastreeclass.com

cheatdayztogo.com

aadent7.com

divinitypath.com

figuli563.com

distanzalojistik.com

pricelesslookyto-looktoday.info

pcaaems.com

itsnewmovie.com

4kx.claims

rental-aruyo.com

psiek.com

justnobleempress.com

40daysfor40nights.com

91266w.com

csi-texas.biz

Targets

- Target
  
  663761b54a50098040c6a882fca010f0.exe
- Size
  
  510KB
- MD5
  
  663761b54a50098040c6a882fca010f0
- SHA1
  
  271781ac1b7af0ef538fc37510add12cbef3253d
- SHA256
  
  3090eb9593159bb7832f0d55b935396e585d8095b4c7c5f07922848a41a20d70
- SHA512
  
  e642c9877e6487898d4d9bdc6283d7a7e4902c4a72a94ca25051d8c7f3e00b165258f96a8295df021aacd28fe959c71725a1beb4215022fcc5e88315c087bdba
Score

10^/10

formbook qugo rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2