formbook

General

Target

3b669808616c3307da8c91b91a43db35.exe
Size

795KB
Sample

230207-xmk9msge5y
MD5

3b669808616c3307da8c91b91a43db35
SHA1

337fbe2865cb604dc8cacdd3d5c7ca1e5ba6311c
SHA256

7a4cbe6918c174321d777bd64c6cd6d8c6a3ba69c07a43ca357a691f0ef6a480
SHA512

53939b238ce6e03589f8f33007df785efdc36138385c18962b5c483f452a99f44ff4dce681033c79881a1b8dd4856bd067b71d37dd7b4ccb429022093743a280
SSDEEP

12288:opkCPAXcXnyXx6q1lPBos9QX/tvzNXl6I9/nLfkIHv8QArlIZAZrSF+d49ahRZ5G:GAX1NzFQX//rLf3v8KZaeMd49S5G

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pe63

Decoy

iparkshonan.com

cahoonset.com

chuliji.com

judiangka.boats

casadecanyonlane.com

hukaol.xyz

websiteclonescripts.com

jjlpoi.com

e-insurance.africa

buketubalonu.com

foruminati.se

12rivalo.xyz

bblifebizsolutions.com

larimarfitness.com

conectado.xyz

511271.com

shpte-energy.net

thewayit.net

jpdentistry.co.uk

aisini5201314.love

Targets

- Target
  
  3b669808616c3307da8c91b91a43db35.exe
- Size
  
  795KB
- MD5
  
  3b669808616c3307da8c91b91a43db35
- SHA1
  
  337fbe2865cb604dc8cacdd3d5c7ca1e5ba6311c
- SHA256
  
  7a4cbe6918c174321d777bd64c6cd6d8c6a3ba69c07a43ca357a691f0ef6a480
- SHA512
  
  53939b238ce6e03589f8f33007df785efdc36138385c18962b5c483f452a99f44ff4dce681033c79881a1b8dd4856bd067b71d37dd7b4ccb429022093743a280
- SSDEEP
  
  12288:opkCPAXcXnyXx6q1lPBos9QX/tvzNXl6I9/nLfkIHv8QArlIZAZrSF+d49ahRZ5G:GAX1NzFQX//rLf3v8KZaeMd49S5G
Score

10^/10

formbook pe63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2