formbook

General

Target

SecuriteInfo.com.Win32.CrypterX-gen.16304.13478
Size

902KB
Sample

221129-kggytace74
MD5

2c37cb553314943214dc79d2d5cd95d2
SHA1

8d729ace154aae255cc7d20e0038889c1a16b30b
SHA256

5cfdb9f856907336025bbd526f7383ae8edbce669348b8e330251dfe21072c8f
SHA512

fea37cc09a83b578a2911924becca74df9fa1cec27fe182a455cc88b31c91033ceaee5f32bb4ce4e51cb354156da295c3d5281f383264261be0aa467b2bc6686
SSDEEP

24576:0YLeTgdo0x708aTH0wikFauuPZA2FDdEPf:0YLKgDx70j0wikFauuPZAzP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndgi

Decoy

vuicotvxrejp3il.xyz

w3fa6.net

sappuno02.com

konstruksirumah.xyz

usalifehealth.com

and1f.xyz

atenmentfstinfdow.beauty

primepipe.net

roundhouseny.com

alexandermcqueen.icu

transporteavalos.com

spankmetaverse.xyz

jhccowholesale.com

bielefeldgebaeudereinigung.com

saintraphaelschool.com

larifaa.online

dejabrew.info

izabelaeraphael.com

granniestoneet.com

greensourceseed.com

Targets

- Target
  
  SecuriteInfo.com.Win32.CrypterX-gen.16304.13478
- Size
  
  902KB
- MD5
  
  2c37cb553314943214dc79d2d5cd95d2
- SHA1
  
  8d729ace154aae255cc7d20e0038889c1a16b30b
- SHA256
  
  5cfdb9f856907336025bbd526f7383ae8edbce669348b8e330251dfe21072c8f
- SHA512
  
  fea37cc09a83b578a2911924becca74df9fa1cec27fe182a455cc88b31c91033ceaee5f32bb4ce4e51cb354156da295c3d5281f383264261be0aa467b2bc6686
- SSDEEP
  
  24576:0YLeTgdo0x708aTH0wikFauuPZA2FDdEPf:0YLKgDx70j0wikFauuPZAzP
Score

10^/10

formbook ndgi rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2