formbook

General

Target

BATCH MCC220601.exe
Size

879KB
Sample

221028-19k4yaabel
MD5

f18e70cad17771781b755ba55846ec36
SHA1

749ecb4b9a1f775003b9037f6ebee88df8cd2c31
SHA256

ffdf5023253f85c17296dbb3a31d959b54b67c6db569b4b0f3a69eeeca76e112
SHA512

47b73d81e3bcc442b791db4fe51ae98b4086f14e3d97337bbdf851f0ead6417909dd6d7c0a9d5535c6eea5d25f173d4677d4f950365c3b0243a48b2a5d3dff91
SSDEEP

12288:9Wh702iNp6Rdy4vnVNGEu9zLmqzjCFGwwExvOCmIh5/C8WQGJu9TRrDV530:11SdFVBCzjCFfJBrr/COKu9tnV5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ss63

Decoy

heartgroupfurniture.com

petruskraftshop.net

bernesespirit.com

minulgul.com

canoncashier.com

britishsaschool.com

frau-kruppa.net

cj-zn.com

derdggyih5ctsc.kred

xvvbros.pics

unacucinadipasta.com

brandsalted.com

pledialinks.xyz

teslamoto.shop

doxycyclin.monster

nuflowalexandriava.com

eliteinfratech.com

laymember.net

bestprobiotics.online

diversifiedpower.international

Targets

- Target
  
  BATCH MCC220601.exe
- Size
  
  879KB
- MD5
  
  f18e70cad17771781b755ba55846ec36
- SHA1
  
  749ecb4b9a1f775003b9037f6ebee88df8cd2c31
- SHA256
  
  ffdf5023253f85c17296dbb3a31d959b54b67c6db569b4b0f3a69eeeca76e112
- SHA512
  
  47b73d81e3bcc442b791db4fe51ae98b4086f14e3d97337bbdf851f0ead6417909dd6d7c0a9d5535c6eea5d25f173d4677d4f950365c3b0243a48b2a5d3dff91
- SSDEEP
  
  12288:9Wh702iNp6Rdy4vnVNGEu9zLmqzjCFGwwExvOCmIh5/C8WQGJu9TRrDV530:11SdFVBCzjCFfJBrr/COKu9tnV5
Score

10^/10

formbook ss63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2