formbook

General

Target

SecuriteInfo.com.Win32.RATX-gen.2018.30304.exe
Size

946KB
Sample

221208-ll2z8ace5x
MD5

591e345ed1a7fa929b80cce8790e460f
SHA1

9992eadbc531dce1185f22b360410cbd11bd1989
SHA256

663d25f6a1e39bebdacdb5164e441faaa4466a00ed636b360c1d981a5f92c5d8
SHA512

f765de77da52cb578a3a2a7ab0f3d8a34baa96db982f972dbe3bead73e418992ea5bf018b3619556ef83a9d05342b7c176579982fd017b9eeee3c75269dd7863
SSDEEP

24576:sqndl9aebRk+T7CYWL1wCE7HuzsthZmBHG:Ld3pbq+nnWL1w3TTthSH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndgi

Decoy

vuicotvxrejp3il.xyz

w3fa6.net

sappuno02.com

konstruksirumah.xyz

usalifehealth.com

and1f.xyz

atenmentfstinfdow.beauty

primepipe.net

roundhouseny.com

alexandermcqueen.icu

transporteavalos.com

spankmetaverse.xyz

jhccowholesale.com

bielefeldgebaeudereinigung.com

saintraphaelschool.com

larifaa.online

dejabrew.info

izabelaeraphael.com

granniestoneet.com

greensourceseed.com

Targets

- Target
  
  SecuriteInfo.com.Win32.RATX-gen.2018.30304.exe
- Size
  
  946KB
- MD5
  
  591e345ed1a7fa929b80cce8790e460f
- SHA1
  
  9992eadbc531dce1185f22b360410cbd11bd1989
- SHA256
  
  663d25f6a1e39bebdacdb5164e441faaa4466a00ed636b360c1d981a5f92c5d8
- SHA512
  
  f765de77da52cb578a3a2a7ab0f3d8a34baa96db982f972dbe3bead73e418992ea5bf018b3619556ef83a9d05342b7c176579982fd017b9eeee3c75269dd7863
- SSDEEP
  
  24576:sqndl9aebRk+T7CYWL1wCE7HuzsthZmBHG:Ld3pbq+nnWL1w3TTthSH
Score

10^/10

formbook ndgi rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2