formbook

General

Target

6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
Size

340KB
Sample

221130-saqldadc2y
MD5

b6a71f32c73d5392dc3dcf5ebfd9f11a
SHA1

82af158a9984597cfb71570ff87f52421e1b0d2c
SHA256

6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
SHA512

aa6b1bc9ff70689c0740683c0858a48b348c4d9f018c3ca11745dcb74480efb89b89dc002159576cd0c461ff9b2de320729a3a40f984a83a8698a4e99d4f959b
SSDEEP

6144:D3yaVwC1pYMTJCTmjd3M3YqUoqNgtDK5BGN1BOpF1d8EWkFRTlV1erRSaYv0P3:bVwMmgJEmjd4/UoqNggDGNaFGEWO1edH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c239

Decoy

shareourjesus.com

lavictoriaesdetodos.com

helpfulproductions.com

waggonerplastics.com

skipouya.com

everyoneshoroscope.com

winterstokeview.com

gutsyhomemakers.com

redstatesdigital.com

themacmeliusshow.com

beautybarnantucket.com

wearetwo-a.com

thenutritionessentialist.com

tapsiwadhwa.com

jundicompany.net

gobocawest.com

woodking.space

elegantap.com

2ndoss.info

ebay1111.com

Targets

- Target
  
  6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
- Size
  
  340KB
- MD5
  
  b6a71f32c73d5392dc3dcf5ebfd9f11a
- SHA1
  
  82af158a9984597cfb71570ff87f52421e1b0d2c
- SHA256
  
  6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
- SHA512
  
  aa6b1bc9ff70689c0740683c0858a48b348c4d9f018c3ca11745dcb74480efb89b89dc002159576cd0c461ff9b2de320729a3a40f984a83a8698a4e99d4f959b
- SSDEEP
  
  6144:D3yaVwC1pYMTJCTmjd3M3YqUoqNgtDK5BGN1BOpF1d8EWkFRTlV1erRSaYv0P3:bVwMmgJEmjd4/UoqNggDGNaFGEWO1edH
Score

10^/10

formbook c239 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2