formbook

General

Target

1e99e3ef6027ed7a0f49f67796042a0ff2b303c120bf8720901387d9a71542fe
Size

526KB
Sample

221130-phvnhsac36
MD5

53b73e4b80ef2f787b81ef94a9e8a0a9
SHA1

59a4562f2eba9df1e56541fe4f0240e77a8f57ce
SHA256

1e99e3ef6027ed7a0f49f67796042a0ff2b303c120bf8720901387d9a71542fe
SHA512

6afb8a02eaf4f1d52ae63c0a766ad6c7799014aa78c2292ef965978410d6b211ef4abe69dfaa72d2d2d990d7162770996ea3f29540a92b3b29b73887bc9d3b1e
SSDEEP

12288:XCT/rgEZ+h8gzlj4kayHe5uvPBD0j1XFumjhUErq1/Uo2IOpgE/oRegM:g/rgZhflj4jy/vPij1XFu4iEm1/UvIOb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

r16

Decoy

kingshero.net

coinhoue.com

brittanysanddejuanswedding.com

jerseysvipsmall.com

moderneserviezen.com

nyccustody.com

2bj9yzli.biz

azure-documentation.com

alomin1.com

mybluemedsupp.com

cumbera.com

hurricaneirma-claims.com

supportsupportcases.com

safenurses.com

xedxs.com

cosck.net

activekarpaty.com

cbdoilsc.com

kejadigital.com

metalportasbh.com

Targets

- Target
  
  1e99e3ef6027ed7a0f49f67796042a0ff2b303c120bf8720901387d9a71542fe
- Size
  
  526KB
- MD5
  
  53b73e4b80ef2f787b81ef94a9e8a0a9
- SHA1
  
  59a4562f2eba9df1e56541fe4f0240e77a8f57ce
- SHA256
  
  1e99e3ef6027ed7a0f49f67796042a0ff2b303c120bf8720901387d9a71542fe
- SHA512
  
  6afb8a02eaf4f1d52ae63c0a766ad6c7799014aa78c2292ef965978410d6b211ef4abe69dfaa72d2d2d990d7162770996ea3f29540a92b3b29b73887bc9d3b1e
- SSDEEP
  
  12288:XCT/rgEZ+h8gzlj4kayHe5uvPBD0j1XFumjhUErq1/Uo2IOpgE/oRegM:g/rgZhflj4jy/vPij1XFu4iEm1/UvIOb
Score

10^/10

formbook r16 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2