formbook

General

Target

e8ed49650b42ebb3a251a7353809309e94f885316bf1b0153def1c180628cee4.zip
Size

760KB
Sample

221124-kzwvpafh21
MD5

d7190b484a307b129d1cfb1a1620bfc4
SHA1

f80e83732bab3391004251c54c99b1603334cc9b
SHA256

8f7e706fdab1fdd37845414f9a3df56d428c5e5718c5a1118e20b7b9558a81e2
SHA512

fd3f074ff32b5d6ce250121b08a24853420c0ddcd8bd9659dfc84e6f3f6da3d7b336fd9f4089099a501500a37a4cbb8b3cff011c3a3b9878c45205c30c125df3
SSDEEP

12288:AvYIwVmWRD+H02QMX9vAmmPKNZqWvp2/gzb32O2MKCHxRd3StKi0vOkFLs1D5fcp:oYPjRDAXNvqPKaWZzbb2CHxK8hLFLi9U

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  e8ed49650b42ebb3a251a7353809309e94f885316bf1b0153def1c180628cee4.exe
- Size
  
  1.0MB
- MD5
  
  21eb8736dd89da5191e78fde4a3ca3da
- SHA1
  
  c96857cc2d0177ec028bba3e467f3930e5c02f85
- SHA256
  
  e8ed49650b42ebb3a251a7353809309e94f885316bf1b0153def1c180628cee4
- SHA512
  
  71ba19fd8cb5bbef1f4fb0d9a03ab7b9c8724263b0ab38e5c9cb979b65f42e7743c3e46050fc2b2fc52087a5e4523b8482c3a9acd3858a8bb71b536f4a220b6e
- SSDEEP
  
  12288:oyRPYYsZ1DX/VDJtV7oT6P9GJ2LjmgoxQT0z/ZBQfWh+QJFuUtxEr5Cd4uUVhjPO:oCYYk8WP9GcWje0zXhnzxEPZV
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2