formbook

General

Target

54b4c3f832346a4279c888ad64c33632.exe
Size

869KB
Sample

221223-e647rafh45
MD5

54b4c3f832346a4279c888ad64c33632
SHA1

0b37463437aedc6d202fdd9104c207d1b6b6e970
SHA256

13b3e8cb037ad76af405c4c7d0d73aecd0041a2a0e4c977052ffeba0e843aebd
SHA512

7e3af4770c01c22be4b4533514ed81c979cee73ea89bc4dc058c41620cc5522ec824791d82ba2ade56b1170e04e79fd027c21167c492ff7578f03810158b4fd5
SSDEEP

12288:1Pf+mDXttarruVBDUJvnVhcJ+9saaGUau3FlrhiK3V2GpGLprSkKIvreKv+Xw5/a:V2a5fLrsmEaES4yKN/KpE79TNoimH80

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr84

Decoy

intouchenergy.co.uk

lalumalkaliram.com

hillgreenholidays.co.uk

fluentliteracy.com

buildingworkerpower.com

by23577.com

gate-ch375019.online

jayess-decor.com

larkslife.com

swsnacks.co.uk

bigturtletiny.com

egggge.xyz

olastore.africa

lightshowsnewengland.com

daily-lox.com

empireoba.com

91302events.com

lawrencecountyfirechiefs.com

abrahamslibrary.com

cleaner365.online

Targets

- Target
  
  54b4c3f832346a4279c888ad64c33632.exe
- Size
  
  869KB
- MD5
  
  54b4c3f832346a4279c888ad64c33632
- SHA1
  
  0b37463437aedc6d202fdd9104c207d1b6b6e970
- SHA256
  
  13b3e8cb037ad76af405c4c7d0d73aecd0041a2a0e4c977052ffeba0e843aebd
- SHA512
  
  7e3af4770c01c22be4b4533514ed81c979cee73ea89bc4dc058c41620cc5522ec824791d82ba2ade56b1170e04e79fd027c21167c492ff7578f03810158b4fd5
- SSDEEP
  
  12288:1Pf+mDXttarruVBDUJvnVhcJ+9saaGUau3FlrhiK3V2GpGLprSkKIvreKv+Xw5/a:V2a5fLrsmEaES4yKN/KpE79TNoimH80
Score

10^/10

formbook vr84 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2