formbook

General

Target

Booking details.exe
Size

1.2MB
Sample

220915-vp9nxahddl
MD5

64d38a2ad50e4af64d28d9086e36c37d
SHA1

11cbfad75d83639e5128c78bf256306751a71299
SHA256

edb793d2433f2bcb4651c6576a8f47ff87d258dfaf5a5bf4194701e61f3a6910
SHA512

aefe6cb3e9b8eb7707695b30ee610ef5ec41de50a8410cb3252de0f6eb4428d9edb9f64ea9c680327a87b90718e4f5b1307e6dac548026f67c7ff6c375f299b4
SSDEEP

12288:f1I41hw4e/ehLrzZ3q469R5bfamxgHc/8mA3GQ9xklET7e0+GwFLJLevHyparGQ7:uL4LJFITamqHc/88Q9xklFG86H1GWv4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rsea

Decoy

aylagrey.com

ketoodavoqslim.xyz

foyfoy.ltd

buymistnow.com

ownempire.net

cie-revolver.com

kedaimks.com

rockbettergear.com

luminousfadel.com

universalbumpkeys.com

enjoyablestopnshop.com

grandesfinanzas.com

professionmessaging.com

thtoughthenight.com

conservativesshop.com

jimihoodie.com

nhlove.net

agentsheila.com

tilemarkng.com

94ei6mgy.com

Targets

- Target
  
  Booking details.exe
- Size
  
  1.2MB
- MD5
  
  64d38a2ad50e4af64d28d9086e36c37d
- SHA1
  
  11cbfad75d83639e5128c78bf256306751a71299
- SHA256
  
  edb793d2433f2bcb4651c6576a8f47ff87d258dfaf5a5bf4194701e61f3a6910
- SHA512
  
  aefe6cb3e9b8eb7707695b30ee610ef5ec41de50a8410cb3252de0f6eb4428d9edb9f64ea9c680327a87b90718e4f5b1307e6dac548026f67c7ff6c375f299b4
- SSDEEP
  
  12288:f1I41hw4e/ehLrzZ3q469R5bfamxgHc/8mA3GQ9xklET7e0+GwFLJLevHyparGQ7:uL4LJFITamqHc/88Q9xklFG86H1GWv4
Score

10^/10

formbook rsea rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2