formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.24087.4059.exe
Size

588KB
Sample

221027-qkhbmsccfk
MD5

e9a36af4d6ea3314299ed373894610cf
SHA1

6da7991d3ffb64388e23936b3d99a2f2637fc3ce
SHA256

09cda694bcb240c7b0742de73888b7ab55db4f29ee1c6c471f4b8982dc150f5d
SHA512

d69be3cbf9bb164df60f554ecccaa063267c88b83f2c143522835f3d1e64b4c107a98512f613764a1ed502dcadccb53a562c04b979f83a8317d4fb0f06577c80
SSDEEP

12288:YllG66h7Josrm8PKW8czF6iXVRh7JgNmac5U0wu5lC/V1ok96:FHtbjFX7u/POIVOk9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.24087.4059.exe
- Size
  
  588KB
- MD5
  
  e9a36af4d6ea3314299ed373894610cf
- SHA1
  
  6da7991d3ffb64388e23936b3d99a2f2637fc3ce
- SHA256
  
  09cda694bcb240c7b0742de73888b7ab55db4f29ee1c6c471f4b8982dc150f5d
- SHA512
  
  d69be3cbf9bb164df60f554ecccaa063267c88b83f2c143522835f3d1e64b4c107a98512f613764a1ed502dcadccb53a562c04b979f83a8317d4fb0f06577c80
- SSDEEP
  
  12288:YllG66h7Josrm8PKW8czF6iXVRh7JgNmac5U0wu5lC/V1ok96:FHtbjFX7u/POIVOk9
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2