formbook

General

Target

fd71a6b52dca328dc8fb6f7b731d1e932ae5029ae215e358baecd699d2497426
Size

620KB
Sample

221130-ts7s2shh6v
MD5

aee7e469f3cb22380018be1f669e2fc3
SHA1

2e222325be20329fd3dfd013e1bc6f35a201335e
SHA256

fd71a6b52dca328dc8fb6f7b731d1e932ae5029ae215e358baecd699d2497426
SHA512

bb01a83a9a62b2fce4cfdfbbc1abaa16e28b9fd735ea8b028e8c22484f99ced18fdcc138283ea992ddbcee34f757a543bdcf581c82a1012ee7cda468e9361682
SSDEEP

12288:QXdN+0fpJGlWtshBTdHO/zr6iL+mI92h7Uv8KPxoCa3qv:SXfpJ+yulduLrIg7QgCaS

Score

10^/10

formbook do rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

do

Decoy

dingjian.ink

diasdamamae.com

bedmasacademy.com

lomeliglass.com

lupayiwu33.party

camalinelimited.com

0t1zeroafter.men

luxzurybeauty.com

charlottiesliketosin.com

reportesitiowebseo.com

kitchencastle.win

rudyglez.com

ssgg88.com

wansolar.com

xn--5brp51b2jpe3i.com

riverilsand.com

dipspain.com

scsjzxmr.com

foundeort.com

diakstairmsley.win

Targets

- Target
  
  fd71a6b52dca328dc8fb6f7b731d1e932ae5029ae215e358baecd699d2497426
- Size
  
  620KB
- MD5
  
  aee7e469f3cb22380018be1f669e2fc3
- SHA1
  
  2e222325be20329fd3dfd013e1bc6f35a201335e
- SHA256
  
  fd71a6b52dca328dc8fb6f7b731d1e932ae5029ae215e358baecd699d2497426
- SHA512
  
  bb01a83a9a62b2fce4cfdfbbc1abaa16e28b9fd735ea8b028e8c22484f99ced18fdcc138283ea992ddbcee34f757a543bdcf581c82a1012ee7cda468e9361682
- SSDEEP
  
  12288:QXdN+0fpJGlWtshBTdHO/zr6iL+mI92h7Uv8KPxoCa3qv:SXfpJ+yulduLrIg7QgCaS
Score

10^/10

formbook do rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2