formbook

General

Target

e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f
Size

996KB
Sample

221130-qkwh9sgb8y
MD5

328b0fa25e033f6f2551f4466e2010a4
SHA1

f418096848ecf5cb9f23ae98d9b521e47e6dad36
SHA256

e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f
SHA512

3e1b979c6250602a6408c709f8d2dfb9b8588b186e7f31e5907a15c160efc8528bff3d0c7b4b9f8380967a144ca618d83698b38d5e6dee85b060a249989a269b
SSDEEP

12288:7Ihm7pdgj6jRPLjRPqjBjjyjBjBjBjBjLjGR9gsapVG/z7hACpzaxBDfQ/NRYvz9:El3IifOCpzqVaNRA2QM5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbr

Decoy

serabet.com

galanggroup.com

zweitmeinung-urologie.com

damsalon.com

binliwine.com

lifeladderindia.com

flyingwranchmanagement.com

tripsandturns.com

3headdesign.com

aluminumfacade.com

toprestau.com

facetreatspa.com

periodrescuekit.com

dbaojian.com

altinotokurtarma.com

gkpelle.com

loguslife.com

treatse.com

lghglzcnkx.net

jawharabh.com

Targets

- Target
  
  e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f
- Size
  
  996KB
- MD5
  
  328b0fa25e033f6f2551f4466e2010a4
- SHA1
  
  f418096848ecf5cb9f23ae98d9b521e47e6dad36
- SHA256
  
  e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f
- SHA512
  
  3e1b979c6250602a6408c709f8d2dfb9b8588b186e7f31e5907a15c160efc8528bff3d0c7b4b9f8380967a144ca618d83698b38d5e6dee85b060a249989a269b
- SSDEEP
  
  12288:7Ihm7pdgj6jRPLjRPqjBjjyjBjBjBjBjLjGR9gsapVG/z7hACpzaxBDfQ/NRYvz9:El3IifOCpzqVaNRA2QM5
Score

10^/10

formbook gbr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2