formbook

General

Target

Shipping.Document.Confirmation.pdf.exe
Size

994KB
Sample

220908-gr1xwsdgg8
MD5

e8284ea2fdaeffa5d38de54c156eed6e
SHA1

b2895f73f0fd55a47c8b0bfffd2c1280eb44436c
SHA256

c6d4469628973b42861dfd82d5bdb14d03cfe0ded1511db6a04964f72404b521
SHA512

78ffa8c266ef1d4a4dfa0d39ce6e1a4ce5489c192955d75c4e13078e0c45e04488d7781a49383feb521d5d8769a753813f7c55df4f6a8ee41c6de00ed94fbcc7
SSDEEP

12288:23VwqBIDMq/aZNJAcwUcr+ny9ebjh8aDI+iL2OPpK:m/qENJA1r+yEZ8f+iiOPA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oe47

Decoy

amyrusscreative.com

spmactivos.com

mmdoh.store

giveupeasily.com

headline228164.biz

limitedessense.net

thetechylife.com

tonebeautyy.com

royebe.com

sogoodsong.com

damesindirestraits.com

petasoz.com

xvfunding.com

republicanvideoproduction.net

notiltrp.com

tassaraysaglikhizmetleri.com

youguetland.com

olfanees.com

sendmageemail.com

da-cap.net

Targets

- Target
  
  Shipping.Document.Confirmation.pdf.exe
- Size
  
  994KB
- MD5
  
  e8284ea2fdaeffa5d38de54c156eed6e
- SHA1
  
  b2895f73f0fd55a47c8b0bfffd2c1280eb44436c
- SHA256
  
  c6d4469628973b42861dfd82d5bdb14d03cfe0ded1511db6a04964f72404b521
- SHA512
  
  78ffa8c266ef1d4a4dfa0d39ce6e1a4ce5489c192955d75c4e13078e0c45e04488d7781a49383feb521d5d8769a753813f7c55df4f6a8ee41c6de00ed94fbcc7
- SSDEEP
  
  12288:23VwqBIDMq/aZNJAcwUcr+ny9ebjh8aDI+iL2OPpK:m/qENJA1r+yEZ8f+iiOPA
Score

10^/10

formbook oe47 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2