formbook

General

Target

Confrim.exe
Size

1.1MB
Sample

221209-te5rjagd4t
MD5

d679583f6e4de9524e8d60f3cfe343eb
SHA1

f321f520befb48399c77e72ab90985f332a2e787
SHA256

a1faaf24f8676e7de55b25544733a19cd47901d8bfdf678fd9c9aab0d6830c28
SHA512

18802914832308dd714b404de7b276fe2a4cdd627c41168cd76c5a56405ff0c6e489de34e16cc3b4583592dca589547c092709d997a18578da8d733a05b14c84
SSDEEP

24576:kfFpFl4M4+rPVketaBTKwNtB1G+GFHBTHG:khABTKIiBjG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  Confrim.exe
- Size
  
  1.1MB
- MD5
  
  d679583f6e4de9524e8d60f3cfe343eb
- SHA1
  
  f321f520befb48399c77e72ab90985f332a2e787
- SHA256
  
  a1faaf24f8676e7de55b25544733a19cd47901d8bfdf678fd9c9aab0d6830c28
- SHA512
  
  18802914832308dd714b404de7b276fe2a4cdd627c41168cd76c5a56405ff0c6e489de34e16cc3b4583592dca589547c092709d997a18578da8d733a05b14c84
- SSDEEP
  
  24576:kfFpFl4M4+rPVketaBTKwNtB1G+GFHBTHG:khABTKIiBjG
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2