formbook

General

Target

2d084b84d0d984e5be3a3da16c8e1ff573eedc1bd130d364059c3746a3bc737f
Size

1.0MB
Sample

221130-semehsag49
MD5

2e8c81de45613bcf046be1c499bf02c8
SHA1

e17562bc44d20e7afc2247ed498d89f04b6aea14
SHA256

2d084b84d0d984e5be3a3da16c8e1ff573eedc1bd130d364059c3746a3bc737f
SHA512

d3f4fd52944ce545a5f1f11041104e560653f5b5e6ff7bebf862f479a967f8bd6e688eb64bf4df5a0e46593d8c4f5ba302feba1b2cb4e93deb08e4512accdc6e
SSDEEP

12288:rLvhykEGC2nxt/GXB1OiwFZo1dUMYUb89CG1XFRsAe8g:rrh7EGCothrZorUMjY9CGlFs8g

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbr

Decoy

serabet.com

galanggroup.com

zweitmeinung-urologie.com

damsalon.com

binliwine.com

lifeladderindia.com

flyingwranchmanagement.com

tripsandturns.com

3headdesign.com

aluminumfacade.com

toprestau.com

facetreatspa.com

periodrescuekit.com

dbaojian.com

altinotokurtarma.com

gkpelle.com

loguslife.com

treatse.com

lghglzcnkx.net

jawharabh.com

Targets

- Target
  
  2d084b84d0d984e5be3a3da16c8e1ff573eedc1bd130d364059c3746a3bc737f
- Size
  
  1.0MB
- MD5
  
  2e8c81de45613bcf046be1c499bf02c8
- SHA1
  
  e17562bc44d20e7afc2247ed498d89f04b6aea14
- SHA256
  
  2d084b84d0d984e5be3a3da16c8e1ff573eedc1bd130d364059c3746a3bc737f
- SHA512
  
  d3f4fd52944ce545a5f1f11041104e560653f5b5e6ff7bebf862f479a967f8bd6e688eb64bf4df5a0e46593d8c4f5ba302feba1b2cb4e93deb08e4512accdc6e
- SSDEEP
  
  12288:rLvhykEGC2nxt/GXB1OiwFZo1dUMYUb89CG1XFRsAe8g:rrh7EGCothrZorUMjY9CGlFs8g
Score

10^/10

formbook gbr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2