formbook

General

Target

NEW ORDER NO 234.exe
Size

996KB
Sample

221022-3bzksafean
MD5

5f472cf588f9b1b9cc16dff01c3ec413
SHA1

d7b45256dda1bb2904803a980cecb1c39d56f63d
SHA256

e7251560a32de7476876b53c4378a37b8ee9604b9cc7ba253fa0426dc5bafa65
SHA512

85dd4aecb77e3502dfe7592c03c924278d38e2a44e68b4df4cf20bb4c89153715660643ccf1472ae467fae3c94dd4b8d7b834e52714e44ef9b22472049ea0f6e
SSDEEP

12288:3PjwGjZk7b2iNcwUg5kh2VNOf6G4m3MctfeN57zBy9r0FyyZ4aIslL1fEuqzI:TNc1WXUkY44eJQ5Y50Ag4xslK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

- Target
  
  NEW ORDER NO 234.exe
- Size
  
  996KB
- MD5
  
  5f472cf588f9b1b9cc16dff01c3ec413
- SHA1
  
  d7b45256dda1bb2904803a980cecb1c39d56f63d
- SHA256
  
  e7251560a32de7476876b53c4378a37b8ee9604b9cc7ba253fa0426dc5bafa65
- SHA512
  
  85dd4aecb77e3502dfe7592c03c924278d38e2a44e68b4df4cf20bb4c89153715660643ccf1472ae467fae3c94dd4b8d7b834e52714e44ef9b22472049ea0f6e
- SSDEEP
  
  12288:3PjwGjZk7b2iNcwUg5kh2VNOf6G4m3MctfeN57zBy9r0FyyZ4aIslL1fEuqzI:TNc1WXUkY44eJQ5Y50Ag4xslK
Score

10^/10

formbook p94a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2