formbook

General

Target

quote.zip
Size

650KB
Sample

220916-ld7whaahdq
MD5

0310d079b970854124593216e203032d
SHA1

ca3b807d198deee4630e2f6d19ea12571e0bd102
SHA256

8595b09a297946a582c7ea097dfb277a3f07f675088f34c0f710ab92714ffbfe
SHA512

1e5a7e008488341b55ae5fadd7bed9a1ef06e6b8ad90037d4bc9c7c9a67d5fb2372a907831c175138d89a1d64b677776959cd327abb0ce67176742373d061704
SSDEEP

12288:AuXHYG8X4xCFoS+EHXHKx6KjMw/A4RD1rKjuProqdVfKGnbZZNb:A64DQe9HXl8xeuEqdVfjbbNb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  quote.exe
- Size
  
  994KB
- MD5
  
  69d7ce9779a8a758938ff6f8baff7ab2
- SHA1
  
  0ece2b777fcf3eff03b7daf0cf66ec926203ea6b
- SHA256
  
  0d1d2d46204e8a5447262f819a95a1862e089337c9ac59b6fcf2d3109e2857d7
- SHA512
  
  df1281f29b5f8b4dd2d8fe5f0e178678c6f4a7ba67341e337185520637c442bf0bd4bd53731ee8b36eff47fcb844bf2ff2941a86d808be6b29701e401f77a0ab
- SSDEEP
  
  12288:0ZYcXkNlexiFEA+IHXtA9uKjCw5qqTfProXOD1P1xuypQJrnOJy:8EQ+FHXV2tKORP1x
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2