formbook

General

Target

new inquiry order.com.exe
Size

988KB
Sample

221008-y3tfmaffbn
MD5

1af8f4ac0eb2cde05f545828c3f9f04f
SHA1

7a6882b53d98889f815e2eae79a478cb4e6b22d4
SHA256

27f2087a1eb0f0ad0178f59eb8924ead92b1104132ed638897fca915c7e5c162
SHA512

2906e8dbb7b6859a156bafa01d3d07de50a84173519933c63c1066dd9124ca595e716d710f7b21ae07a21136c9a296c8bde1b2c0fdc41ace3b30ce942818557b
SSDEEP

12288:ur1cA2iNaxfvX1QmLIf5hjKEM17GQ7F9cmLy0HAgwpsJDWhqWfu:A1S1wbKr7bcKesJChBf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

- Target
  
  new inquiry order.com.exe
- Size
  
  988KB
- MD5
  
  1af8f4ac0eb2cde05f545828c3f9f04f
- SHA1
  
  7a6882b53d98889f815e2eae79a478cb4e6b22d4
- SHA256
  
  27f2087a1eb0f0ad0178f59eb8924ead92b1104132ed638897fca915c7e5c162
- SHA512
  
  2906e8dbb7b6859a156bafa01d3d07de50a84173519933c63c1066dd9124ca595e716d710f7b21ae07a21136c9a296c8bde1b2c0fdc41ace3b30ce942818557b
- SSDEEP
  
  12288:ur1cA2iNaxfvX1QmLIf5hjKEM17GQ7F9cmLy0HAgwpsJDWhqWfu:A1S1wbKr7bcKesJChBf
Score

10^/10

formbook p94a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2