formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.6073.10168.exe
Size

833KB
Sample

221018-xvxyeadehk
MD5

af1defe4819022be7eba839a12ade9fd
SHA1

1d78fcd4864e9f1ae4fc1f96f528da2beca83515
SHA256

d087e426ce79e771312bb70d624f2ac316b675fe3ebc2eacc1accb787f84eeee
SHA512

e4a405a0ac1e3a5d6aa2a497e90a9563e30591f91524791f2e6d28f06471a543b51eda69fcfe2db73748cd91c12ae65e85c5f1c0f095706ef07290b50256ed39
SSDEEP

12288:83dB6o2ekH6q9PqfiS0lPNWVNYhe0bsm00py+2eX17nIglrXycuqZjDJEbrkj:sNCBY8e0IV0b2erRDy3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2e8

Decoy

sawtiger.com

titanblackcat.buzz

caernarfontown.net

aladdin.coffee

we-buy-houses-cash.net

wfzctag.top

bluehouse.computer

hi88pro.online

smtfhcl.com

claimitznow.xyz

wnshots.store

ky3165.com

reviewforus.xyz

sportsandluxurycars.online

swchx.com

babnetwork.xyz

careplatform.online

ventilationbremen.com

templecause.shop

id-serportesepong345464.shop

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.6073.10168.exe
- Size
  
  833KB
- MD5
  
  af1defe4819022be7eba839a12ade9fd
- SHA1
  
  1d78fcd4864e9f1ae4fc1f96f528da2beca83515
- SHA256
  
  d087e426ce79e771312bb70d624f2ac316b675fe3ebc2eacc1accb787f84eeee
- SHA512
  
  e4a405a0ac1e3a5d6aa2a497e90a9563e30591f91524791f2e6d28f06471a543b51eda69fcfe2db73748cd91c12ae65e85c5f1c0f095706ef07290b50256ed39
- SSDEEP
  
  12288:83dB6o2ekH6q9PqfiS0lPNWVNYhe0bsm00py+2eX17nIglrXycuqZjDJEbrkj:sNCBY8e0IV0b2erRDy3
Score

10^/10

formbook g2e8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2