formbook

General

Target

ETOS project Specifications.exe
Size

732KB
Sample

221003-qk3ycahacl
MD5

2bf247b62106faa756c070c4e017d402
SHA1

63ac2ac4e94d66d285968035c55f02917c419744
SHA256

90afcb6b9e301d7081737182f7f3e3bff751ba972d161d8da5c24db1d0d36dc0
SHA512

be7c4f17616124423de69e3e2846ce89192c9577111a81bbd13ddccbdb3cae20fd18a92ea6984198ad4e0c3b8b287e0c6df66a99b067ff745bfe177f8d9248f3
SSDEEP

12288:MmAzQsRZDsItEVJ6AKJQ84lSt0/2V+4HPI/yCfJuZXLN1:+zQswikDD5lSt0+ZQKUJuZ7N

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vo84

Decoy

laurenciavachulova.one

sabuilders.store

masxot.xyz

matchfail.com

suararakyatnews.net

kykm.rest

richardsmartinezh.site

morehouseweneedyou.com

depressivepawnclub.xyz

yenilenme.net

allhiejralstore.com

9993808.com

sleepshastra.com

weplay-classic.com

propertyofpalestine.com

onirica.club

yohelios.com

fcorruption.com

tongdans.top

richmondmassage.store

Targets

- Target
  
  ETOS project Specifications.exe
- Size
  
  732KB
- MD5
  
  2bf247b62106faa756c070c4e017d402
- SHA1
  
  63ac2ac4e94d66d285968035c55f02917c419744
- SHA256
  
  90afcb6b9e301d7081737182f7f3e3bff751ba972d161d8da5c24db1d0d36dc0
- SHA512
  
  be7c4f17616124423de69e3e2846ce89192c9577111a81bbd13ddccbdb3cae20fd18a92ea6984198ad4e0c3b8b287e0c6df66a99b067ff745bfe177f8d9248f3
- SSDEEP
  
  12288:MmAzQsRZDsItEVJ6AKJQ84lSt0/2V+4HPI/yCfJuZXLN1:+zQswikDD5lSt0+ZQKUJuZ7N
Score

10^/10

formbook vo84 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2