formbook

General

Target

DHL Consignment Details_pdf.exe
Size

690KB
Sample

221125-vj5srsbg85
MD5

c789aa7c8b719e8658ce0e7a0e626799
SHA1

cf277fafb24b94cfc00555d3791141b3e522aa95
SHA256

fadd1059ba6d602427a8d00daf8e93b283ec5fbc8180ce65fc246ebbb4ef7318
SHA512

ef73dd758e1bbbd8366efe5352a9ea4a46e3ef6b68d6098063f2736512de9d4a804a3980c7560f2bc7afecf1cf486d6b8f6972179e7f542165a9e10849e64a43
SSDEEP

12288:5c3dxGKJK0nMV7oNeb2WSkqt9Ai0pVe6LLOi6HcjSCAmZJbxpDF:qN40nMV7Ue6RkEp4JL767CA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j17j

Decoy

playphf.live

solarthinfilmtec.com

gdhaoshan.com

posh-designs.com

369andrewst.com

doverupblications.com

hengshangmei.com

decungo.com

checksinthemaiil.com

4localde.com

wetakeoveryourhousepayments.com

overcharge-center.com

mmmmmboulder.com

almaszarrin.net

enterpriseturkey.com

lanierfurniture.com

lhzb726-gw021.vip

onuiol.com

dmitrytodosyev.com

117uuu.com

Targets

- Target
  
  DHL Consignment Details_pdf.exe
- Size
  
  690KB
- MD5
  
  c789aa7c8b719e8658ce0e7a0e626799
- SHA1
  
  cf277fafb24b94cfc00555d3791141b3e522aa95
- SHA256
  
  fadd1059ba6d602427a8d00daf8e93b283ec5fbc8180ce65fc246ebbb4ef7318
- SHA512
  
  ef73dd758e1bbbd8366efe5352a9ea4a46e3ef6b68d6098063f2736512de9d4a804a3980c7560f2bc7afecf1cf486d6b8f6972179e7f542165a9e10849e64a43
- SSDEEP
  
  12288:5c3dxGKJK0nMV7oNeb2WSkqt9Ai0pVe6LLOi6HcjSCAmZJbxpDF:qN40nMV7Ue6RkEp4JL767CA
Score

10^/10

formbook j17j rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2