formbook

General

Target

DHL Notification_pdf.exe
Size

888KB
Sample

221207-n2w51sea22
MD5

e9aa2460000ab3dd79d5f13c14158df4
SHA1

70f1735d4d82557b3346be3e87ee7909b06d0602
SHA256

80926a24eb04425a59d95dedcf18097eb5d27e034f8d6f96848a3b4d372fba58
SHA512

1f043c12bb529bdeba90ec59f23d14b3af27183d167510f212f92c1fb84cc4a76a6a5b7a3ef6c44b43680dcab5010dd9fb933a0bc797ead162e4af4990d5f36b
SSDEEP

12288:xoQgKZ/nXt7virmWhlGLaQYIurAiXhOocjfNV4fgRSnlanmlm/cBVPUU64eq5m3T:KPXhOocNV4fgRLHkBBEZl

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j17j

Decoy

playphf.live

solarthinfilmtec.com

gdhaoshan.com

posh-designs.com

369andrewst.com

doverupblications.com

hengshangmei.com

decungo.com

checksinthemaiil.com

4localde.com

wetakeoveryourhousepayments.com

overcharge-center.com

mmmmmboulder.com

almaszarrin.net

enterpriseturkey.com

lanierfurniture.com

lhzb726-gw021.vip

onuiol.com

dmitrytodosyev.com

117uuu.com

Targets

- Target
  
  DHL Notification_pdf.exe
- Size
  
  888KB
- MD5
  
  e9aa2460000ab3dd79d5f13c14158df4
- SHA1
  
  70f1735d4d82557b3346be3e87ee7909b06d0602
- SHA256
  
  80926a24eb04425a59d95dedcf18097eb5d27e034f8d6f96848a3b4d372fba58
- SHA512
  
  1f043c12bb529bdeba90ec59f23d14b3af27183d167510f212f92c1fb84cc4a76a6a5b7a3ef6c44b43680dcab5010dd9fb933a0bc797ead162e4af4990d5f36b
- SSDEEP
  
  12288:xoQgKZ/nXt7virmWhlGLaQYIurAiXhOocjfNV4fgRSnlanmlm/cBVPUU64eq5m3T:KPXhOocNV4fgRLHkBBEZl
Score

10^/10

formbook j17j rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2