formbook

General

Target

1d353da3fe658893fc339803df7d154f
Size

870KB
Sample

220809-zs8y1ahfc8
MD5

1d353da3fe658893fc339803df7d154f
SHA1

af055ef0f98a53253fd1c22251792f764d2ddaef
SHA256

9f35a2c105be7758b4e8fba5867613c73fa1f45dd6b0456edb375beb1dd0d65a
SHA512

ed96e8d006e596806609eedad293ad70bd688de1c709d6ebf8c844afd540af433276eac3d3b16e9730c759b189169f42293b9c5d8502c5377dae45ba0a7eed97

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  Orden de compra.exe
- Size
  
  759KB
- MD5
  
  e133817b11a77fc79bc94782f3a4f9f0
- SHA1
  
  1416b42e312a8181dc5db94a7f41cece409cff3e
- SHA256
  
  3a7dcbe672b67bcc1855c94def13e2afa445b83c1303688f3fef77e00d3bc7fe
- SHA512
  
  2e014c29d943389806b18a81dd230ebe4e1971df3e35644d17d31aeae570a9575a4a904bd1007d9fa7196b25d0594fb8720e96c1586f9a3230438d899e8e3068
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2