formbook

General

Target

17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c
Size

744KB
Sample

221130-p5dnhsbh87
MD5

185ee8d153bc97bd21cf3baef478dec0
SHA1

82d941989e8feba6a6c25b8e6812b8e22be51fd3
SHA256

17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c
SHA512

38de1cff02350f6ac7acc0a3fadb0029c33368465af9b75806fe2627eb12eafbb1fdceea749f37af70263fac04a1ceefc902344eb5b8338eb3f171f6f01d3c41
SSDEEP

12288:TQirjDMcnoE0LtEx6UxNqj+stiD5mKsmlNy53tlRRm/YNUzn:TQuD1t0LtExjqj+wwctmS3t8QN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

grv

Decoy

morganofatlanta.com

vz473.com

hengetelt.com

bailcally.com

virtuosoonline.com

tenthousandli.com

ohanamascota.com

digi-plates.com

prismagtech.com

we-cinema.com

372680.com

smartautoexpert.xyz

mrxzg.com

apartment-brussels.com

reverseincubator.com

linkasean.com

yummicrabva.com

diguchaye.com

reaktorfatura.com

thecatsaysno.com

Targets

- Target
  
  17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c
- Size
  
  744KB
- MD5
  
  185ee8d153bc97bd21cf3baef478dec0
- SHA1
  
  82d941989e8feba6a6c25b8e6812b8e22be51fd3
- SHA256
  
  17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c
- SHA512
  
  38de1cff02350f6ac7acc0a3fadb0029c33368465af9b75806fe2627eb12eafbb1fdceea749f37af70263fac04a1ceefc902344eb5b8338eb3f171f6f01d3c41
- SSDEEP
  
  12288:TQirjDMcnoE0LtEx6UxNqj+stiD5mKsmlNy53tlRRm/YNUzn:TQuD1t0LtExjqj+wwctmS3t8QN
Score

10^/10

formbook grv rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2