formbook

General

Target

DHL Invoice Details_pdf.exe
Size

828KB
Sample

221017-k4fz2abdgq
MD5

384579444926fb62ca870190509ec096
SHA1

818529123f2462098799b6c4dc4aeadda6c170ef
SHA256

1e9b2dab23e487f9f8442ab474b4ec7b56d5bbeca861d37c936a6bbbe2e84bdb
SHA512

ac05a72fc5d0d1254e67c99ccac8673b823aaa98051f69d4b4f84f42eae00ba4acece648fd232e1e80958af3f1dd200358a02c33384d53271d9b1d76ae28a43a
SSDEEP

12288:NwjAs0BRyNr08FI6LouQMQaMjoHmS8A/K17TQoLi8ILTcs/:NwjAs0BROk1kmS897koLi8IH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d10a

Decoy

tprgamesslot.com

1wautomarketing.shop

jnfc.bar

reelestate.info

coolvenead.buzz

am2pmconstruction.com

casasbh-digital.com

kmzu.info

magabestonline.com

evdirect.net

utaxi.app

gamemakr.tech

klsxofficial.com

qfaw.mom

bwchosting.com

joseli.xyz

carnelianintimates.com

manarnews.site

axacpe.click

pinupmeals.click

Targets

- Target
  
  DHL Invoice Details_pdf.exe
- Size
  
  828KB
- MD5
  
  384579444926fb62ca870190509ec096
- SHA1
  
  818529123f2462098799b6c4dc4aeadda6c170ef
- SHA256
  
  1e9b2dab23e487f9f8442ab474b4ec7b56d5bbeca861d37c936a6bbbe2e84bdb
- SHA512
  
  ac05a72fc5d0d1254e67c99ccac8673b823aaa98051f69d4b4f84f42eae00ba4acece648fd232e1e80958af3f1dd200358a02c33384d53271d9b1d76ae28a43a
- SSDEEP
  
  12288:NwjAs0BRyNr08FI6LouQMQaMjoHmS8A/K17TQoLi8ILTcs/:NwjAs0BROk1kmS897koLi8IH
Score

10^/10

formbook d10a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2