formbook

General

Target

f0523a3740dcc2d5e2aba1ed1ffa39466017fef13375e0167d71382037175be1
Size

501KB
Sample

230129-v2swxsfe57
MD5

3b92452984ee117a07b0a79d2932f3cb
SHA1

4996654a39d238bb91bb464edfa3d301c516ce69
SHA256

f0523a3740dcc2d5e2aba1ed1ffa39466017fef13375e0167d71382037175be1
SHA512

f8b9944cc675b6d6a331994d6c17bd434670d1438bb9bd449307413e941f0aeb82e18717d40fe68852a0e8923c09186065d2a93d73695ced82930bc036648d06
SSDEEP

12288:J2xbIeZ3fmiS4s5Xkg3Fo9Aqbkd2/z+rA:wbIeZ3unzXkYo9Aqb2s

Score

10^/10

formbook ko rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ko

Decoy

batatproject.com

mydaxuetang.com

clmproject.com

die-erste-werkstatt.com

constructiveproductions.com

vorhersage.net

jonathanandcolleen.com

crmparis.com

thesexpistolsvevo.com

sauna.media

osmspayments.net

320903.com

keshuotech.com

smpql.com

ssgan75.com

651bifa.com

weyena.com

lauraradu.com

carbuco.com

thejobdocs.com

Targets

- Target
  
  f0523a3740dcc2d5e2aba1ed1ffa39466017fef13375e0167d71382037175be1
- Size
  
  501KB
- MD5
  
  3b92452984ee117a07b0a79d2932f3cb
- SHA1
  
  4996654a39d238bb91bb464edfa3d301c516ce69
- SHA256
  
  f0523a3740dcc2d5e2aba1ed1ffa39466017fef13375e0167d71382037175be1
- SHA512
  
  f8b9944cc675b6d6a331994d6c17bd434670d1438bb9bd449307413e941f0aeb82e18717d40fe68852a0e8923c09186065d2a93d73695ced82930bc036648d06
- SSDEEP
  
  12288:J2xbIeZ3fmiS4s5Xkg3Fo9Aqbkd2/z+rA:wbIeZ3unzXkYo9Aqb2s
Score

10^/10

formbook ko rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2