formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe
Size

574KB
Sample

221130-kdj9rsfh3x
MD5

86c10e4e706dc6cabdca6a256914618f
SHA1

0846b6ded598fda3d551c109f9fc1308a7cf2571
SHA256

45fe03f1377e4f9dda19c68d7d29f051e1af299a6c6b0603fe25e79d69422e37
SHA512

ac72a540f9aa78fd069f451b92c3c2d7259ef5e95c1c7ce2dab6ff216bd8ab982271a3c749a3716aff75cf0d5b00da20de1c2f38b91cddf050e3c082485abb45
SSDEEP

12288:Kq+RYMqK60dw91na41WNd3Fzdi+2XeNHjoO+nX:Kq4YZ0d8l1WnP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndgi

Decoy

vuicotvxrejp3il.xyz

w3fa6.net

sappuno02.com

konstruksirumah.xyz

usalifehealth.com

and1f.xyz

atenmentfstinfdow.beauty

primepipe.net

roundhouseny.com

alexandermcqueen.icu

transporteavalos.com

spankmetaverse.xyz

jhccowholesale.com

bielefeldgebaeudereinigung.com

saintraphaelschool.com

larifaa.online

dejabrew.info

izabelaeraphael.com

granniestoneet.com

greensourceseed.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe
- Size
  
  574KB
- MD5
  
  86c10e4e706dc6cabdca6a256914618f
- SHA1
  
  0846b6ded598fda3d551c109f9fc1308a7cf2571
- SHA256
  
  45fe03f1377e4f9dda19c68d7d29f051e1af299a6c6b0603fe25e79d69422e37
- SHA512
  
  ac72a540f9aa78fd069f451b92c3c2d7259ef5e95c1c7ce2dab6ff216bd8ab982271a3c749a3716aff75cf0d5b00da20de1c2f38b91cddf050e3c082485abb45
- SSDEEP
  
  12288:Kq+RYMqK60dw91na41WNd3Fzdi+2XeNHjoO+nX:Kq4YZ0d8l1WnP
Score

10^/10

formbook ndgi rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2