formbook

General

Target

DHL Notification_pdf (2).exe
Size

696KB
Sample

221124-jhqfxahc95
MD5

5f5922ac6fadabdcdca744e79c6681b1
SHA1

9a13c929512460bab2bb95b07018c7e0766fe81b
SHA256

0ce125663c13098237173a0f183ed629019cfaa7a79464a34f109f48e83a49e6
SHA512

99a9b4623da4f119bdc4e05c64b29c5473e6e0c99a071ee7294b99ed78c032f3af18ce5ec5cb97996dc7e30373d6b4662c1c7e392a5deccaffef2b6db0b87666
SSDEEP

12288:/qgh/PsZ1DX/VDJXyx8WjqAwZCzH+I7Y2+LFcATq0jobbvYSVrY6P:/qgh/PAyr3mCzH+I1+LBqWyVrpP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j17j

Decoy

playphf.live

solarthinfilmtec.com

gdhaoshan.com

posh-designs.com

369andrewst.com

doverupblications.com

hengshangmei.com

decungo.com

checksinthemaiil.com

4localde.com

wetakeoveryourhousepayments.com

overcharge-center.com

mmmmmboulder.com

almaszarrin.net

enterpriseturkey.com

lanierfurniture.com

lhzb726-gw021.vip

onuiol.com

dmitrytodosyev.com

117uuu.com

Targets

- Target
  
  DHL Notification_pdf (2).exe
- Size
  
  696KB
- MD5
  
  5f5922ac6fadabdcdca744e79c6681b1
- SHA1
  
  9a13c929512460bab2bb95b07018c7e0766fe81b
- SHA256
  
  0ce125663c13098237173a0f183ed629019cfaa7a79464a34f109f48e83a49e6
- SHA512
  
  99a9b4623da4f119bdc4e05c64b29c5473e6e0c99a071ee7294b99ed78c032f3af18ce5ec5cb97996dc7e30373d6b4662c1c7e392a5deccaffef2b6db0b87666
- SSDEEP
  
  12288:/qgh/PsZ1DX/VDJXyx8WjqAwZCzH+I7Y2+LFcATq0jobbvYSVrY6P:/qgh/PAyr3mCzH+I1+LBqWyVrpP
Score

10^/10

formbook j17j rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2