formbook

General

Target

8cf1251810f225bb5c01e1a5d114a0aed5c81ab16b8957cc194ead5d001beb6f
Size

371KB
Sample

220521-n4mpcshgbp
MD5

8b340b3e44e2e8ad2218d4e94955fc16
SHA1

cde2d2b29946a9d19a7435824b4854c02cb13a4e
SHA256

8cf1251810f225bb5c01e1a5d114a0aed5c81ab16b8957cc194ead5d001beb6f
SHA512

129fa5e97a5d6db5d223afb1a59f504aac835ca5c6b302e3c35fc73d1277deb213d2abe1b97824ce45bc50fac467f86060bef119e5385c8d9b41437e8abfdc97

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pp4

Decoy

shopandwork.com

tubegetpro.com

qaikme.com

fyehome.com

aizhuanqian.top

medicadvicesth.info

hyhndec.com

0pe828.com

robbiepricepsychotherapy.com

haildamagesigns.com

viperarmament.com

izpjht.men

iotanewholland.com

fbaldiphoto.com

stephanieambrose.com

ossc.biz

diandangchain.com

cutshort.download

deannamolnar.com

diginnovent.com

Targets

- Target
  
  RQ068364.exe
- Size
  
  474KB
- MD5
  
  d45570fd8dfaa4bf6b91d83455191c69
- SHA1
  
  a0d9d1667b1d0ec3b10ea3a7bf46808e780ee00d
- SHA256
  
  fca57bc3188f4383efe5bfd8a6c0e3058273c7dca96ef9360f6290790f8883b6
- SHA512
  
  89142c2a50a8e38377675d72755b0bd07f0347049e3e6dbee9a6f7e132fc01f032b6ad0b05059874e6e90fc60a320e71b6a23f7ceee271a434721efc2f7fee25
Score

10^/10

formbook pp4 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2