formbook

General

Target

a5f80157e87e9b1d0d1b501fe555b248e14763b63bdb63d6e3e147d98b20668e
Size

1.6MB
Sample

221130-wjas3afa7x
MD5

38686818a4717da90e4d7b382bc4bc47
SHA1

b82a60c2648a68e22148e1171e8afc546be1489b
SHA256

a5f80157e87e9b1d0d1b501fe555b248e14763b63bdb63d6e3e147d98b20668e
SHA512

916a7327c5e24a9f685e2f4e6c180a4ed38f7be31ef848f2b197cf4549e1acd5f1955459ceb6fbdbb0f0cebea44df9c447d462f36eaafc6580644a6ab0c4274e
SSDEEP

12288:jdPcrxdJjY7iuUxQUNvi9tHeV6tEujmjRPTjRPyjBjjijBjBjBjBjLjgzOLT6f7d:jdkdQ4QUitHC6q41EAD2EmX6wW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbr

Decoy

serabet.com

galanggroup.com

zweitmeinung-urologie.com

damsalon.com

binliwine.com

lifeladderindia.com

flyingwranchmanagement.com

tripsandturns.com

3headdesign.com

aluminumfacade.com

toprestau.com

facetreatspa.com

periodrescuekit.com

dbaojian.com

altinotokurtarma.com

gkpelle.com

loguslife.com

treatse.com

lghglzcnkx.net

jawharabh.com

Targets

- Target
  
  a5f80157e87e9b1d0d1b501fe555b248e14763b63bdb63d6e3e147d98b20668e
- Size
  
  1.6MB
- MD5
  
  38686818a4717da90e4d7b382bc4bc47
- SHA1
  
  b82a60c2648a68e22148e1171e8afc546be1489b
- SHA256
  
  a5f80157e87e9b1d0d1b501fe555b248e14763b63bdb63d6e3e147d98b20668e
- SHA512
  
  916a7327c5e24a9f685e2f4e6c180a4ed38f7be31ef848f2b197cf4549e1acd5f1955459ceb6fbdbb0f0cebea44df9c447d462f36eaafc6580644a6ab0c4274e
- SSDEEP
  
  12288:jdPcrxdJjY7iuUxQUNvi9tHeV6tEujmjRPTjRPyjBjjijBjBjBjBjLjgzOLT6f7d:jdkdQ4QUitHC6q41EAD2EmX6wW
Score

10^/10

formbook gbr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2