formbook

General

Target

a1240c1c33035a334ee2d95d895b16e4f96de0d04d451952ad464d08dc70b947
Size

927KB
Sample

221012-sy293shee7
MD5

34db9248a161052e4cc893c61be62480
SHA1

36a87aca20f19f64def276d117aab1fc96c1a02e
SHA256

a1240c1c33035a334ee2d95d895b16e4f96de0d04d451952ad464d08dc70b947
SHA512

60ea4646d480603f2566ff319464b85d6a458f62dfb985f6efa58d3a0dd90543f57e646965725a37969fbe19d011e77d8ad2aea38b768d2556385e712e99b759
SSDEEP

12288:kWZRX2rUe8nuBAKJdOWETYEWBP0h1n2cb1jHJQY+qJLiRZpdhDW:lRGrUe8ne5ETYEq0h12cFWGLope

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

- Target
  
  a1240c1c33035a334ee2d95d895b16e4f96de0d04d451952ad464d08dc70b947
- Size
  
  927KB
- MD5
  
  34db9248a161052e4cc893c61be62480
- SHA1
  
  36a87aca20f19f64def276d117aab1fc96c1a02e
- SHA256
  
  a1240c1c33035a334ee2d95d895b16e4f96de0d04d451952ad464d08dc70b947
- SHA512
  
  60ea4646d480603f2566ff319464b85d6a458f62dfb985f6efa58d3a0dd90543f57e646965725a37969fbe19d011e77d8ad2aea38b768d2556385e712e99b759
- SSDEEP
  
  12288:kWZRX2rUe8nuBAKJdOWETYEWBP0h1n2cb1jHJQY+qJLiRZpdhDW:lRGrUe8ne5ETYEq0h12cFWGLope
Score

10^/10

formbook p94a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2