formbook

Resubmissions

14-10-2022 16:06

221014-tkegjadgf4 10

14-10-2022 16:02

221014-tgvpcadge9 10

Sharing

Copy URL

Twitter E-mail

General

Target

orden de compra.zip
Size

593KB
Sample

221014-tgvpcadge9
MD5

cb238537af4801aa846fe25a1a64f1d4
SHA1

977d9561549bb206736776694f4039507826a271
SHA256

7d5938858ee84c02fb4f1d3bbad12530a6ed43b2d9dca1180a73a070034ff4c7
SHA512

38f099a124b62fd785023459468c11aabad925cf48adb11faa9839ed3f099617b2122168212e831294609bfe4944126ca43f6099ca9c91052f23c5c3530087b7
SSDEEP

12288:66Y0Dzql7HC8F4Uu8tgU3/QbXhwnZ6MevKKJ4BYQGb:t9qlvF4LoIbRAontP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  orden de compra.exe
- Size
  
  908KB
- MD5
  
  e1f42208b49e95ab6efcfc2c793d4c21
- SHA1
  
  796675f60d150b4026528c5b703f8beefe8467a1
- SHA256
  
  7f8b18cb89b63284a7d5fed4c53f861f8ce52a6c7c776e8d7c4b1b223202c6f8
- SHA512
  
  b9275846599b3f81a528044eefd351f850a70327264eed0c539daa0940b4dca6b8da93fe202ae4866b98b39ad26ef7de88c5f5489dc9ab803031e1b2d3e32c34
- SSDEEP
  
  12288:Cp//ql7BmqFGUu8t2Wd/wbXhgnZ2Mi5KQleLYQ2BC5wPIEGLajT:qqlrFGLsWbxQgDbR
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2