formbook

General

Target

651404e566b5d65563d62eeca4c89c4b1ae3ed40fb440819b233f576c91d1cc0.exe
Size

697KB
Sample

221207-qacneaeh96
MD5

5e14c731e0b4f67493b838262b7364cb
SHA1

47437d61e5e025ae8e6f7d4a6172edeead8e29c1
SHA256

651404e566b5d65563d62eeca4c89c4b1ae3ed40fb440819b233f576c91d1cc0
SHA512

65a8ee82d4f4ec9a9f3574ab5a603ffd08ee028865fa67b09c62e36b4c83f500ae1c376b43a55265760879a8b057f7f47e75651c8076523f85e315af1de078ee
SSDEEP

12288:+4Vgh/PsZ1DX/VDJI6J8TOmb0PIL1gHH4WfgLO5zsJr:BVgh/PU8/QPhHY5O5QJr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g28p

Decoy

whhmgs.asia

wellmedcaredirect.net

beggarded.com

wtpjiv.site

todo-celulares.com

parkitny.net

43345.top

pro-genie.com

cwdxz.com

cbc-inc.xyz

healthspots.net

rulil.top

pyramidaudit.solutions

k8sb15.live

hempaware.report

usclink.life

stayefs.net

05262.top

shop-izakaya-jin.com

iccworldcupnews.com

Targets

- Target
  
  651404e566b5d65563d62eeca4c89c4b1ae3ed40fb440819b233f576c91d1cc0.exe
- Size
  
  697KB
- MD5
  
  5e14c731e0b4f67493b838262b7364cb
- SHA1
  
  47437d61e5e025ae8e6f7d4a6172edeead8e29c1
- SHA256
  
  651404e566b5d65563d62eeca4c89c4b1ae3ed40fb440819b233f576c91d1cc0
- SHA512
  
  65a8ee82d4f4ec9a9f3574ab5a603ffd08ee028865fa67b09c62e36b4c83f500ae1c376b43a55265760879a8b057f7f47e75651c8076523f85e315af1de078ee
- SSDEEP
  
  12288:+4Vgh/PsZ1DX/VDJI6J8TOmb0PIL1gHH4WfgLO5zsJr:BVgh/PU8/QPhHY5O5QJr
Score

10^/10

formbook g28p rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2