formbook

General

Target

SecuriteInfo.com.Trojan.Inject4.44941.14960.17808.exe
Size

990KB
Sample

221011-j69vfsdhhn
MD5

3b0c5b4eed9f2222f09e61efaee554f4
SHA1

c32cc7642bc141b6ae804d620d663a41cd5b76b0
SHA256

af4e4f24d35ee2d2d5efdfcaff5d9b5c0b6173165d66e5e22ff44c53e8a316f4
SHA512

9fc73970f445b21c46193eab4149b6dc465c4c32c90b51123ac50679236f1886325a1a9a053964d3b58ec503533c06837ae1eeba9011d31ff9cef6be865ef91e
SSDEEP

12288:xIwDxoBuee4EFJcwoeyKeXZca1AJlQo74xjtDS3lAQSQy4AB:HK44EuRFX+qqlgtaAtQy4A

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  SecuriteInfo.com.Trojan.Inject4.44941.14960.17808.exe
- Size
  
  990KB
- MD5
  
  3b0c5b4eed9f2222f09e61efaee554f4
- SHA1
  
  c32cc7642bc141b6ae804d620d663a41cd5b76b0
- SHA256
  
  af4e4f24d35ee2d2d5efdfcaff5d9b5c0b6173165d66e5e22ff44c53e8a316f4
- SHA512
  
  9fc73970f445b21c46193eab4149b6dc465c4c32c90b51123ac50679236f1886325a1a9a053964d3b58ec503533c06837ae1eeba9011d31ff9cef6be865ef91e
- SSDEEP
  
  12288:xIwDxoBuee4EFJcwoeyKeXZca1AJlQo74xjtDS3lAQSQy4AB:HK44EuRFX+qqlgtaAtQy4A
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2