formbook

General

Target

cc7b6a1d27e2c8f4606dd8c6d5746eba33b7ac47a5d032151ceeeaa6ebc184eb
Size

622KB
Sample

221130-xzvnvagc49
MD5

c87f83cb7568c13d1049f8308fe2fea0
SHA1

984ba41328e151cb09c39dd66a98ceb76b3db8c1
SHA256

cc7b6a1d27e2c8f4606dd8c6d5746eba33b7ac47a5d032151ceeeaa6ebc184eb
SHA512

1d7d2c5b6e891cbaf0bdc95eb2b430dbe17036400c142a0e8a72b7b87b31323dd56c31a7e77f08a71fde8864269598067a5f287a17e1d29fbea2dc0b216dc90c
SSDEEP

12288:gCGECvxGbhNbsmJvTaw82DhmkF6jvYG11zqfFIkXIu:jCpGTbaghmkivYGXcFY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

grv

Decoy

morganofatlanta.com

vz473.com

hengetelt.com

bailcally.com

virtuosoonline.com

tenthousandli.com

ohanamascota.com

digi-plates.com

prismagtech.com

we-cinema.com

372680.com

smartautoexpert.xyz

mrxzg.com

apartment-brussels.com

reverseincubator.com

linkasean.com

yummicrabva.com

diguchaye.com

reaktorfatura.com

thecatsaysno.com

Targets

- Target
  
  cc7b6a1d27e2c8f4606dd8c6d5746eba33b7ac47a5d032151ceeeaa6ebc184eb
- Size
  
  622KB
- MD5
  
  c87f83cb7568c13d1049f8308fe2fea0
- SHA1
  
  984ba41328e151cb09c39dd66a98ceb76b3db8c1
- SHA256
  
  cc7b6a1d27e2c8f4606dd8c6d5746eba33b7ac47a5d032151ceeeaa6ebc184eb
- SHA512
  
  1d7d2c5b6e891cbaf0bdc95eb2b430dbe17036400c142a0e8a72b7b87b31323dd56c31a7e77f08a71fde8864269598067a5f287a17e1d29fbea2dc0b216dc90c
- SSDEEP
  
  12288:gCGECvxGbhNbsmJvTaw82DhmkF6jvYG11zqfFIkXIu:jCpGTbaghmkivYGXcFY
Score

10^/10

formbook grv rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2