formbook

General

Target

SecuriteInfo.com.Win64.PWSX-gen.25018.24932.exe
Size

553KB
Sample

221205-w7q5ysec93
MD5

0a980f3bf229381c16b1a756fbf5f5c7
SHA1

94df4edd4f776b4fe2f32b198373b13641dcbec0
SHA256

6e6dab1a248e5205aca778a9e1e2135f7f888cbd5d1edf4debe0efb6cda89fa7
SHA512

2cb0d46940e40ac9451b252ec205786689e74c3dd549fd48883989ac9e1f8b292d8695c624ef5d86c848e0858c446f6fe86a47cffd9aee001fcd945855687666
SSDEEP

12288:JxKCYox8CiJoyRo3a5BUwnYZ/eZD2JZoxEkigK:PKpoK5Ro3wBXnM/eZcZoe

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

urde

Decoy

belleriacortland.com

gxzyykx.com

blocksholding.net

zhangjiyuan.com

tyfinck.com

xn--v9s.club

xn--72c9at8ec1l.com

dorismart.online

nocodeuni.com

hmmprocesos.website

quartile.agency

iansdogname.com

karengillen.com

the-bitindexprime.info

nthanisolutions.com

nakamu.online

sahityanepal.com

sinwinindustry.com

shotblastwearingparts.com

nstsuccess.com

Targets

- Target
  
  SecuriteInfo.com.Win64.PWSX-gen.25018.24932.exe
- Size
  
  553KB
- MD5
  
  0a980f3bf229381c16b1a756fbf5f5c7
- SHA1
  
  94df4edd4f776b4fe2f32b198373b13641dcbec0
- SHA256
  
  6e6dab1a248e5205aca778a9e1e2135f7f888cbd5d1edf4debe0efb6cda89fa7
- SHA512
  
  2cb0d46940e40ac9451b252ec205786689e74c3dd549fd48883989ac9e1f8b292d8695c624ef5d86c848e0858c446f6fe86a47cffd9aee001fcd945855687666
- SSDEEP
  
  12288:JxKCYox8CiJoyRo3a5BUwnYZ/eZD2JZoxEkigK:PKpoK5Ro3wBXnM/eZcZoe
Score

10^/10

formbook urde rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2