formbook

General

Target

5868cacef685463a6d4ff4d34f487d09e844511fd4d0f22b4c7ab00a92a2818a.exe
Size

814KB
Sample

221201-nsd8vagg4w
MD5

eccc5475dd661be20724e6b8a131f664
SHA1

adbd86d7ccdab284d0080f0a08e3d426a8df21b8
SHA256

5868cacef685463a6d4ff4d34f487d09e844511fd4d0f22b4c7ab00a92a2818a
SHA512

f61dfbb25c44e9bcc5334b95c1c54c2275876ee50610995dfda2fc6090b9b05e5da66831d288b53e313b6c1aec4b0e24d001792425965914eb03f6d6bdfd19c6
SSDEEP

12288:vFyMNTl159j9G9+a3DY366UqXbAyBWWapIg95lvTHRyoY:3b1XZGAaT56VrAyepIgvpjRpY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g28p

Decoy

whhmgs.asia

wellmedcaredirect.net

beggarded.com

wtpjiv.site

todo-celulares.com

parkitny.net

43345.top

pro-genie.com

cwdxz.com

cbc-inc.xyz

healthspots.net

rulil.top

pyramidaudit.solutions

k8sb15.live

hempaware.report

usclink.life

stayefs.net

05262.top

shop-izakaya-jin.com

iccworldcupnews.com

Targets

- Target
  
  5868cacef685463a6d4ff4d34f487d09e844511fd4d0f22b4c7ab00a92a2818a.exe
- Size
  
  814KB
- MD5
  
  eccc5475dd661be20724e6b8a131f664
- SHA1
  
  adbd86d7ccdab284d0080f0a08e3d426a8df21b8
- SHA256
  
  5868cacef685463a6d4ff4d34f487d09e844511fd4d0f22b4c7ab00a92a2818a
- SHA512
  
  f61dfbb25c44e9bcc5334b95c1c54c2275876ee50610995dfda2fc6090b9b05e5da66831d288b53e313b6c1aec4b0e24d001792425965914eb03f6d6bdfd19c6
- SSDEEP
  
  12288:vFyMNTl159j9G9+a3DY366UqXbAyBWWapIg95lvTHRyoY:3b1XZGAaT56VrAyepIgvpjRpY
Score

10^/10

formbook g28p rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2