formbook

General

Target

c1d74ec41c57e24503bb5f05117a0215.exe
Size

873KB
Sample

221028-g3r45afahq
MD5

c1d74ec41c57e24503bb5f05117a0215
SHA1

47bd6a606edd6229962526f5488c5c8635acc50e
SHA256

ab380ec497114c124eaabbb96f643cb20dfb24d0618be4934c19c4062f82fa71
SHA512

43ab24a193c2c5698c4a6d5fb6122f29204109dd608c1bd936be5104f2da29d3996cfdf6b20cbfc2d83559f0b2691f6f6dd9d098fc0ef4710b0e0b5997249bbf
SSDEEP

12288:Rqh702iNpEmR/B4C0UW6Tggk3PuhB4QJP1vwY1LFUFWs8JTEc72d/DW7UKt:d1BWU7ggnhfrvwY15UIDhAg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hn73

Decoy

medusaams.com

ekyas.com

deadandcompanyindianapolis.net

winnersclub.live

gozero.buzz

sdmfeh.xyz

rikfiri.com

happyworld.tech

oculusquest2linkcable.com

cksexdoll.top

aitechconsulting.net

prstampsevery.shop

kioskdz.com

fogg.productions

7gu7x5mc.com

thefactoryco.com

dvsmanpowerenterprises.com

dreamwins5.com

bgs-abogados.com

arthursouza.online

Targets

- Target
  
  c1d74ec41c57e24503bb5f05117a0215.exe
- Size
  
  873KB
- MD5
  
  c1d74ec41c57e24503bb5f05117a0215
- SHA1
  
  47bd6a606edd6229962526f5488c5c8635acc50e
- SHA256
  
  ab380ec497114c124eaabbb96f643cb20dfb24d0618be4934c19c4062f82fa71
- SHA512
  
  43ab24a193c2c5698c4a6d5fb6122f29204109dd608c1bd936be5104f2da29d3996cfdf6b20cbfc2d83559f0b2691f6f6dd9d098fc0ef4710b0e0b5997249bbf
- SSDEEP
  
  12288:Rqh702iNpEmR/B4C0UW6Tggk3PuhB4QJP1vwY1LFUFWs8JTEc72d/DW7UKt:d1BWU7ggnhfrvwY15UIDhAg
Score

10^/10

formbook hn73 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2