formbook

General

Target

ce3686ca2d718046926d4f84693892b3c7929cb4ffd00e027d87b6d82106af61
Size

1.1MB
Sample

221013-bsat7saea6
MD5

06981db2d36fee388647ee09c39d9f19
SHA1

4cb15e318f0f12091673f547fde489632be22bf2
SHA256

ce3686ca2d718046926d4f84693892b3c7929cb4ffd00e027d87b6d82106af61
SHA512

0158486353c9eb9b1ba9e86ff38f450a848f91bfcb114321f61b7dcfbed51e6785a23764fd9dc04deca98252ed877b7faef04b212a57e484a59f2a8e92c82021
SSDEEP

12288:bNZR41hw4e/ehLrzV6dqyw0f+hYZzU4S6rSrVRPm1Gl5XTLVQdsumf4T0DH1hw40:VL4LJYddw0qYhtMRtdTLVQ44d4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

- Target
  
  ce3686ca2d718046926d4f84693892b3c7929cb4ffd00e027d87b6d82106af61
- Size
  
  1.1MB
- MD5
  
  06981db2d36fee388647ee09c39d9f19
- SHA1
  
  4cb15e318f0f12091673f547fde489632be22bf2
- SHA256
  
  ce3686ca2d718046926d4f84693892b3c7929cb4ffd00e027d87b6d82106af61
- SHA512
  
  0158486353c9eb9b1ba9e86ff38f450a848f91bfcb114321f61b7dcfbed51e6785a23764fd9dc04deca98252ed877b7faef04b212a57e484a59f2a8e92c82021
- SSDEEP
  
  12288:bNZR41hw4e/ehLrzV6dqyw0f+hYZzU4S6rSrVRPm1Gl5XTLVQdsumf4T0DH1hw40:VL4LJYddw0qYhtMRtdTLVQ44d4
Score

10^/10

formbook p94a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2