formbook

General

Target

1003958599_pdf.exe
Size

242KB
Sample

220915-xjnkladha6
MD5

e295996f65a26a11faafb50d0c72603d
SHA1

ec5ae05ad09514fa289429d8b213102a2c912f73
SHA256

fa8634a43c5dfb22286abeaa9f3c1a62af85ebb4052be0257cdfa50895148876
SHA512

be19e753b79b7b3ca50f484c524a6e0b8469c4c4424267bf450a3ab88701cd061c7e04cef291eeffc6fbf65a24c1da8c417cea9f3256dd0834434ec0a0277ffa
SSDEEP

6144:H1+pI/4gmHzGwobvuSjlqNbfazTnQJ8ZMc:HQpIggszKTq18zoiMc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3s3

Decoy

tvielotus.com

teesta.xyz

talentrecruitor.com

pamaungipb.com

xn--90ahkh6a6b8b.site

910carolina.com

toyotaecoyouth-dev.com

invetnables.com

gdexc.com

ssw168.com

householdmould.com

mqttradar.xyz

t333c.com

thepausestudio.com

evershedsutherlands.com

asbdataplus.com

preddylilthingz.com

jepwu.com

tvlido.com

artovus.com

Targets

- Target
  
  1003958599_pdf.exe
- Size
  
  242KB
- MD5
  
  e295996f65a26a11faafb50d0c72603d
- SHA1
  
  ec5ae05ad09514fa289429d8b213102a2c912f73
- SHA256
  
  fa8634a43c5dfb22286abeaa9f3c1a62af85ebb4052be0257cdfa50895148876
- SHA512
  
  be19e753b79b7b3ca50f484c524a6e0b8469c4c4424267bf450a3ab88701cd061c7e04cef291eeffc6fbf65a24c1da8c417cea9f3256dd0834434ec0a0277ffa
- SSDEEP
  
  6144:H1+pI/4gmHzGwobvuSjlqNbfazTnQJ8ZMc:HQpIggszKTq18zoiMc
Score

10^/10

formbook s3s3 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2