formbook

General

Target

c8702255a89a489a0e9dbad263a8f491038191c78a20f6cf57429af09b2c2dda.exe
Size

807KB
Sample

221207-qfhrlsfa32
MD5

458132ead8d6b28dc153956a514a2c27
SHA1

434f76cc3ac8fa7f36e1e4c87944eb6036affd3b
SHA256

c8702255a89a489a0e9dbad263a8f491038191c78a20f6cf57429af09b2c2dda
SHA512

3b9d708da96e5ba98bbd7c2b606ef41863928c02c682d604a9f6b76fcad8281ca3e8216a9799d2e6d1c6c514800e1d4f536899c31223a3f205b9cb475ae1fe49
SSDEEP

24576:vr18+L74mBfNUstzokjSU4mpfT6Cm3r8JN:vrEU4mpmCmI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g25e

Decoy

2491254125.xyz

hookd.gay

uxmelange.com

startupvision3.com

evanwoosley-reed.com

uspalupdser.info

lx0599.com

grupoiaez.com

londonpapershop.com

cremas.store

risespec.com

olivierverdoyant.com

creatednow.com

epicureanhometreats.com

iqijp.com

vcraftboutique.com

furnaristudios.com

dealsgolf.com

djwoojs.com

boatslave.com

Targets

- Target
  
  c8702255a89a489a0e9dbad263a8f491038191c78a20f6cf57429af09b2c2dda.exe
- Size
  
  807KB
- MD5
  
  458132ead8d6b28dc153956a514a2c27
- SHA1
  
  434f76cc3ac8fa7f36e1e4c87944eb6036affd3b
- SHA256
  
  c8702255a89a489a0e9dbad263a8f491038191c78a20f6cf57429af09b2c2dda
- SHA512
  
  3b9d708da96e5ba98bbd7c2b606ef41863928c02c682d604a9f6b76fcad8281ca3e8216a9799d2e6d1c6c514800e1d4f536899c31223a3f205b9cb475ae1fe49
- SSDEEP
  
  24576:vr18+L74mBfNUstzokjSU4mpfT6Cm3r8JN:vrEU4mpmCmI
Score

10^/10

formbook g25e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2