formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.10417.exe
Size

843KB
Sample

220919-p4mj2addgj
MD5

0254eb57f3e60a44a34117a760d0044c
SHA1

87a774ca772463b5a8ad3f6e5387ff3f25a3d3bb
SHA256

d9330396040f8b8169fee91c05b6f6a4114c863e78971082faeb1a604adf589f
SHA512

8f4ac3fac65992cf01e7d2dc4a1c722a2f67a1bf3e45e9144a0e32bb7623e3fda7aaaa65ff69da0f9528446386c41b6e4cfcd44a688576918975451a22f4dca3
SSDEEP

12288:P/yxHTOPGs+Km2aUqLYLWfqbK7dfIgduHv32bF:PIzOP+KaUqL82qE5uPmbF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.10417.exe
- Size
  
  843KB
- MD5
  
  0254eb57f3e60a44a34117a760d0044c
- SHA1
  
  87a774ca772463b5a8ad3f6e5387ff3f25a3d3bb
- SHA256
  
  d9330396040f8b8169fee91c05b6f6a4114c863e78971082faeb1a604adf589f
- SHA512
  
  8f4ac3fac65992cf01e7d2dc4a1c722a2f67a1bf3e45e9144a0e32bb7623e3fda7aaaa65ff69da0f9528446386c41b6e4cfcd44a688576918975451a22f4dca3
- SSDEEP
  
  12288:P/yxHTOPGs+Km2aUqLYLWfqbK7dfIgduHv32bF:PIzOP+KaUqL82qE5uPmbF
Score

10^/10

formbook p94a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2