formbook

General

Target

ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
Size

861KB
Sample

230104-p2sy2aff26
MD5

69c7175b6059bc3ef1f2d115e8f849a3
SHA1

ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
SHA256

9ba86919308607097ed2da7d7857626435ab53b8b00b88f826fb1f403013fc7c
SHA512

093d47fac1cf86a8f9c47a44a33977b5548024b037196350e49eb8363ff333e2ade232c9b02dd1a6ff2742c9e81ca11a651d2757e7b11904309f4e0306a27207
SSDEEP

12288:Z3ZKHRfBUCDkdTWrifH7IINt0gpWOJSqLRrSfN9YnZNM0MSvhh7LUQw:5ZofBUCDcTZPWOTdS1Cn/M0MSvfS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ned5

Decoy

asian-dating-42620.com

ttg06.com

cupandbelle.com

prepaidprocess.com

jrzkt.com

hdgby2.com

finnnann.com

chillpill-shoppygood.com

sfdgg.online

articlerewritertool.net

cdjxsculture.com

omnificare.info

lasafblanch.com

omaxfort.xyz

spk.info

shb1368.com

jewelry-10484.com

hubsp0t.com

shronky.com

yangjh34.com

Targets

- Target
  
  ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
- Size
  
  861KB
- MD5
  
  69c7175b6059bc3ef1f2d115e8f849a3
- SHA1
  
  ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
- SHA256
  
  9ba86919308607097ed2da7d7857626435ab53b8b00b88f826fb1f403013fc7c
- SHA512
  
  093d47fac1cf86a8f9c47a44a33977b5548024b037196350e49eb8363ff333e2ade232c9b02dd1a6ff2742c9e81ca11a651d2757e7b11904309f4e0306a27207
- SSDEEP
  
  12288:Z3ZKHRfBUCDkdTWrifH7IINt0gpWOJSqLRrSfN9YnZNM0MSvhh7LUQw:5ZofBUCDcTZPWOTdS1Cn/M0MSvfS
Score

10^/10

formbook ned5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2