formbook

General

Target

0351e4f1b5fcd2ea0ebf370033c59e9f1aa4122a78fb4bd69190f49f893ef83f
Size

509KB
Sample

221130-pzf7fsbe25
MD5

fab84396a57be43d0f8415fa5391576d
SHA1

45d4b02d2099b9487f2024fac62fc3384ca7b420
SHA256

0351e4f1b5fcd2ea0ebf370033c59e9f1aa4122a78fb4bd69190f49f893ef83f
SHA512

1bc36a5b9a1b8c122e0a9de4256c905d1d9d34634e4be6b2714ec954585dc09a0badea0c70bb2318d73983106ad44563c326eaffc7ac21f27a0d1fbc3b346169
SSDEEP

12288:tNIJa7n+XmVwmm7ozs0KDL7rqVzUxUcJ/OaIneCW8aUTIkvaV0nbYKkiTe7ohgTq:TIA7HwTMGlX9ph60g

Score

10^/10

formbook nk rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

nk

Decoy

horaire-mobile.com

celebritiesbeautysecret.com

kansai-daily.com

tecnosellers.com

wassamall.com

crisefabio.net

ourcitytable.com

dynamic123.com

3332009.com

thestretchbartexas.com

ackeylieutdicermedias.link

tinyweirdos.com

tokatkitapfuari.com

fairdoing.com

tkq.ink

thicdienthoai.com

maneproject.online

devicesslick.info

zfee.ltd

ewiuh.com

Targets

- Target
  
  0351e4f1b5fcd2ea0ebf370033c59e9f1aa4122a78fb4bd69190f49f893ef83f
- Size
  
  509KB
- MD5
  
  fab84396a57be43d0f8415fa5391576d
- SHA1
  
  45d4b02d2099b9487f2024fac62fc3384ca7b420
- SHA256
  
  0351e4f1b5fcd2ea0ebf370033c59e9f1aa4122a78fb4bd69190f49f893ef83f
- SHA512
  
  1bc36a5b9a1b8c122e0a9de4256c905d1d9d34634e4be6b2714ec954585dc09a0badea0c70bb2318d73983106ad44563c326eaffc7ac21f27a0d1fbc3b346169
- SSDEEP
  
  12288:tNIJa7n+XmVwmm7ozs0KDL7rqVzUxUcJ/OaIneCW8aUTIkvaV0nbYKkiTe7ohgTq:TIA7HwTMGlX9ph60g
Score

10^/10

formbook nk rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2