formbook

General

Target

bill of lading.exe
Size

862KB
Sample

221017-h3s7vsbban
MD5

f4c6c8b6fc91dc8ff9230a6bb699d825
SHA1

6b3494490e2a350093c6864fbcfe56660b12db2c
SHA256

fc3b3317c4877d207407aad03ab5af9c0fbd4ea5e71353139eef0af9ab013c91
SHA512

79c0f036070a0d0e708fa49a536a5615fa6d68b370ed274532f7d648e5e779223aefbdacd5a19a4335731dfbed3c0574cd2a74ddbedadafe9031310532efe682
SSDEEP

12288:mwqfEur3vTwrMihFVtqtTFUprtROZoyKMZdwC+HuBkuNYBc5Z:cTgltqtTCpr6hZdwi5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cqrt

Decoy

fastingbrew.com

mdly715.xyz

july5thpatriots.com

misterbeimusic.net

westernslopechiefs.com

adnanaslam.info

jennissupplygroup.com

llknedlnxvzy.com

mdqjln.today

grillerestaurants.store

rufous.rest

916593.com

xnaoei.com

data-tize.com

9299thapartmenthomes.com

htv7br.com

lawnmowinghub.com

uroafura.com

patriotbeadworks.online

xn--kbrv4kr9humg2qc.xn--io0a7i

Targets

- Target
  
  bill of lading.exe
- Size
  
  862KB
- MD5
  
  f4c6c8b6fc91dc8ff9230a6bb699d825
- SHA1
  
  6b3494490e2a350093c6864fbcfe56660b12db2c
- SHA256
  
  fc3b3317c4877d207407aad03ab5af9c0fbd4ea5e71353139eef0af9ab013c91
- SHA512
  
  79c0f036070a0d0e708fa49a536a5615fa6d68b370ed274532f7d648e5e779223aefbdacd5a19a4335731dfbed3c0574cd2a74ddbedadafe9031310532efe682
- SSDEEP
  
  12288:mwqfEur3vTwrMihFVtqtTFUprtROZoyKMZdwC+HuBkuNYBc5Z:cTgltqtTCpr6hZdwi5
Score

10^/10

formbook cqrt rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2