formbook

General

Target

3b7892199cc0db41934ff6efd787b9ccc8793cfd8379f74b507f6f668bf30802
Size

512KB
Sample

221130-smv2mabd39
MD5

1b104904956c04b02033f0988ab77f86
SHA1

4c0228f43ea1d45118c22172134b85923e099219
SHA256

3b7892199cc0db41934ff6efd787b9ccc8793cfd8379f74b507f6f668bf30802
SHA512

942b57c9628c0195ff685930bcdac1e6fb5c86bd778ce38c743e95293051cd4339beb5e7fdefcb8efbf4966b7ed9eaff7d57e351be01cbc6503689b7d681aa93
SSDEEP

12288:CRORm6zRzwSJqWMr6ABza0wE2M8cMfCqY++RcHeoYn+1:8ORpuSJer6ABXMM8cNH+5e5U

Score

10^/10

formbook al rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

al

Decoy

erikdane.com

muying365.net

kilosu.com

bjgdyzh.com

fonese.com

dillydaydreams.com

eduardoroa.com

112215.info

atrapaloweb.com

multicomers.com

puntagency.com

ayamanagement.com

ifbw.info

filthyrichshop.com

reflexwings.net

alkhajaatuae.com

yaboo258.com

jinyudo-tokyo.com

studunit.net

rhein-neckar.immobilien

Targets

- Target
  
  3b7892199cc0db41934ff6efd787b9ccc8793cfd8379f74b507f6f668bf30802
- Size
  
  512KB
- MD5
  
  1b104904956c04b02033f0988ab77f86
- SHA1
  
  4c0228f43ea1d45118c22172134b85923e099219
- SHA256
  
  3b7892199cc0db41934ff6efd787b9ccc8793cfd8379f74b507f6f668bf30802
- SHA512
  
  942b57c9628c0195ff685930bcdac1e6fb5c86bd778ce38c743e95293051cd4339beb5e7fdefcb8efbf4966b7ed9eaff7d57e351be01cbc6503689b7d681aa93
- SSDEEP
  
  12288:CRORm6zRzwSJqWMr6ABza0wE2M8cMfCqY++RcHeoYn+1:8ORpuSJer6ABXMM8cNH+5e5U
Score

10^/10

formbook al rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2