formbook

General

Target

829392e46410b5b81e88aac71c65240c06304a336c2e7c228b5b38ca28fed322
Size

659KB
Sample

220329-xptc2aeahn
MD5

df25fcca07458e9fa91dafcf1cfd7e44
SHA1

056cb86d74e3e854b11098912f1c7f0e783d6b5d
SHA256

829392e46410b5b81e88aac71c65240c06304a336c2e7c228b5b38ca28fed322
SHA512

468ef634317fbf210d8fcd796ebc9a500a0e913710263687ff41df9d2c45662d8f523421e715b83c13fe0dda0ee1441cb11e49bba4ace25d58c32ffa1ea7278e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ngs

Decoy

clickavisos.com

superbbeautysecrets.com

edxar.xyz

maximumpotentialfitness.net

exportsninports.com

ijwsm.com

kdawvam.icu

uere.website

pleasantviewgardennj.com

favorflavortexas.com

gilt.pro

nagahama63.com

fractalweed.com

acceptchaos.net

shopshop3.space

lunivers-de-flora.com

astrophiliabrand.com

thegloveexchange.com

bbrazesurgical.com

goswamipad.net

Targets

- Target
  
  829392e46410b5b81e88aac71c65240c06304a336c2e7c228b5b38ca28fed322
- Size
  
  659KB
- MD5
  
  df25fcca07458e9fa91dafcf1cfd7e44
- SHA1
  
  056cb86d74e3e854b11098912f1c7f0e783d6b5d
- SHA256
  
  829392e46410b5b81e88aac71c65240c06304a336c2e7c228b5b38ca28fed322
- SHA512
  
  468ef634317fbf210d8fcd796ebc9a500a0e913710263687ff41df9d2c45662d8f523421e715b83c13fe0dda0ee1441cb11e49bba4ace25d58c32ffa1ea7278e
Score

10^/10

formbook ngs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2