formbook

General

Target

SecuriteInfo.com.Trojan.PackedNET.1620.5013.23763.exe
Size

908KB
Sample

221012-v5z5eadfen
MD5

e1f42208b49e95ab6efcfc2c793d4c21
SHA1

796675f60d150b4026528c5b703f8beefe8467a1
SHA256

7f8b18cb89b63284a7d5fed4c53f861f8ce52a6c7c776e8d7c4b1b223202c6f8
SHA512

b9275846599b3f81a528044eefd351f850a70327264eed0c539daa0940b4dca6b8da93fe202ae4866b98b39ad26ef7de88c5f5489dc9ab803031e1b2d3e32c34
SSDEEP

12288:Cp//ql7BmqFGUu8t2Wd/wbXhgnZ2Mi5KQleLYQ2BC5wPIEGLajT:qqlrFGLsWbxQgDbR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.1620.5013.23763.exe
- Size
  
  908KB
- MD5
  
  e1f42208b49e95ab6efcfc2c793d4c21
- SHA1
  
  796675f60d150b4026528c5b703f8beefe8467a1
- SHA256
  
  7f8b18cb89b63284a7d5fed4c53f861f8ce52a6c7c776e8d7c4b1b223202c6f8
- SHA512
  
  b9275846599b3f81a528044eefd351f850a70327264eed0c539daa0940b4dca6b8da93fe202ae4866b98b39ad26ef7de88c5f5489dc9ab803031e1b2d3e32c34
- SSDEEP
  
  12288:Cp//ql7BmqFGUu8t2Wd/wbXhgnZ2Mi5KQleLYQ2BC5wPIEGLajT:qqlrFGLsWbxQgDbR
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2