formbook

General

Target

40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
Size

490KB
Sample

221130-tznzhsff94
MD5

204da52ffbac84b1067d3ee2d06a8b15
SHA1

05672de9a26d7cb5cfd408f06bc50e71265f32f3
SHA256

40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
SHA512

0989cf3b1de4c71e664471cfb9ff783c250e8d251e1438dd01815f8ee3d7103b9b55dd8dfaf374e0ce1ec2c605efc3cb6f8f46df9a9e209ee5638fb0762296b5
SSDEEP

6144:MTDMAYloj1/L8YEAQwgG5hUf+uJ18yL3gfDj3f4acR2RzqmCGujxggwHDU1W8:+DMAzjN4YEAFKmE0fbcgcVwg1W8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pep

Decoy

whitelabelgraphics.pro

futureguidefilms.com

mission-duplex.com

rutherealty.com

acehardwaremall.com

potenb.com

tbhawt.com

momentum-ip.group

m8sr8s.com

cfwagner.com

umiyama-eri.com

klantenvinden.com

simplycasd.com

visionhomerecruiting.com

inkjet-material.com

banking-aib.com

fast1performance.com

eventsbyja.com

breuer.network

smartecelectronics.com

Targets

- Target
  
  40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- Size
  
  490KB
- MD5
  
  204da52ffbac84b1067d3ee2d06a8b15
- SHA1
  
  05672de9a26d7cb5cfd408f06bc50e71265f32f3
- SHA256
  
  40ee2027d06e0a2ed12888c0e64c43a501ac7f81709625eb1ed61e5b0e43f865
- SHA512
  
  0989cf3b1de4c71e664471cfb9ff783c250e8d251e1438dd01815f8ee3d7103b9b55dd8dfaf374e0ce1ec2c605efc3cb6f8f46df9a9e209ee5638fb0762296b5
- SSDEEP
  
  6144:MTDMAYloj1/L8YEAQwgG5hUf+uJ18yL3gfDj3f4acR2RzqmCGujxggwHDU1W8:+DMAzjN4YEAFKmE0fbcgcVwg1W8
Score

10^/10

formbook pep agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2