formbook

General

Target

3e8da4fa74ffde7264e854c958bbad0892813c261a525a5a6053c3bfd0e612c0
Size

669KB
Sample

221130-xq5gpaad7x
MD5

2f58636fbd887acd4fb3e8802d4c7fd8
SHA1

be18d7673ffa13ebefd0331a74b71851e70411da
SHA256

3e8da4fa74ffde7264e854c958bbad0892813c261a525a5a6053c3bfd0e612c0
SHA512

671e62344766be4e12e007424b952dfe6abdf17176166f89c6e79c6c34e6c6a3b97a9454ad20464132cd80b8f61b5417ce66bb890c58a4e03a7f06f44ccb2637
SSDEEP

12288:GGcKa+E6SPtAcsrx2Q004g0owdvnleg/kXkKE2rBE6nuSxFoC:KKHLSFAcsd7jsHllL4r9Bxv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

thg

Decoy

retrospectphotographydesign.com

jafodraws.com

cigiwie.space

upgradecarehealth.com

12ts.xyz

111indianbend.com

qqchbakery.com

0831xx.com

supecret.com

ayfadopple.com

coldwateradvisors.com

forexgiftcard.com

actionconsultingchile.com

mpsconcrete.net

carmallc.com

b167888.com

simonking.xyz

elitedigitalperformance.com

essentialjanitorialservices.com

barcosocasionberga.com

Targets

- Target
  
  3e8da4fa74ffde7264e854c958bbad0892813c261a525a5a6053c3bfd0e612c0
- Size
  
  669KB
- MD5
  
  2f58636fbd887acd4fb3e8802d4c7fd8
- SHA1
  
  be18d7673ffa13ebefd0331a74b71851e70411da
- SHA256
  
  3e8da4fa74ffde7264e854c958bbad0892813c261a525a5a6053c3bfd0e612c0
- SHA512
  
  671e62344766be4e12e007424b952dfe6abdf17176166f89c6e79c6c34e6c6a3b97a9454ad20464132cd80b8f61b5417ce66bb890c58a4e03a7f06f44ccb2637
- SSDEEP
  
  12288:GGcKa+E6SPtAcsrx2Q004g0owdvnleg/kXkKE2rBE6nuSxFoC:KKHLSFAcsd7jsHllL4r9Bxv
Score

10^/10

formbook thg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2