formbook

General

Target

Booking Details!!.rar
Size

1021KB
Sample

230303-rt6w2ahg95
MD5

620f881771a87875c52fce3965838b30
SHA1

618c66967a4968755a5307d802867fc845ffdedc
SHA256

479ff2dbf4ef796fe69806247f292ad133bb0a3d1cb5049e54cfa07a0912f336
SHA512

221ab7f123572237df51d8055997d45937cae21b99ad57e85b9f3816027c6a2afed00b3da2ca2e933832b99375e83d8649540ec370e30f2214b58f2f428cf445
SSDEEP

24576:S272v89KO+d00pZb5pxwoSdjB3GbLsuEcFc:P2vc3+lhwoSdl36L/U

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  Booking Details!!.exe
- Size
  
  1.3MB
- MD5
  
  d74ade79fdf326fbb5ab6e9cf1d7280d
- SHA1
  
  148e1d75fc89aa2871523ff4a479c7cc821fd277
- SHA256
  
  296abb33b7337fa594b7a28aaa0793ff1e7218b97974fe1764a0773f8962fbdd
- SHA512
  
  9e1ed564c1b1ca5c2c026da504a8c234ae3e14be061a53cc220a225feaf18d96b517b9d4dae1ddb31cde872d62b49f20f15b24700c59fab52362fb6818534fda
- SSDEEP
  
  24576:LnluD7SzYdJd2jfYfkreLTqlTIrI+xjNJtbmJvaerVPsX3vT0xbCA6/+otq:Llu3SzYjdSNrehrIIjDtbmJHq/Qha+3
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2