formbook

General

Target

tmp
Size

1.0MB
Sample

230313-2chg8aed4t
MD5

22b7779314863ab98fdb44998b720eda
SHA1

613cf1c86321deac5a0a172b4290ca9b2fe1196a
SHA256

9784d4f3af63382e92105496844b25bc4e42e92305b7707c3fd6451c98c391f6
SHA512

bf133c5723b0056d5014e06207b1a1064e15c60304e14dcad0acd5427c179685ddf6a8f152406c2c8161d62530996cb89540e360f14966a9d3fb535cfd4dc68b
SSDEEP

12288:Wpl1K8tUyZmMRxEy0g6DxV54CRNCxOR3Is2OTo65dwWm2OKQqEsPEDigaDNlhXIg:FVC8hRMOTo65dwW1OKZ7PEDqNv4WaEw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dr62

Decoy

juanbrujo.com

toptasker.africa

g-labs.one

1redbuckpermonth.com

lasolutions.online

beginagainmen.com

iearn.site

leading-car.ru

codigosindiabetes.fun

6y8ud.bond

fptmarket.shop

ctjhxv3.vip

huluxia2.xyz

piggg08.uk

kms-pico-tools.com

westonandcate.com

giftrendz.com

kqwdhrendfywefdst.top

anchitchoudhary.com

sistemodasi.net

Targets

- Target
  
  tmp
- Size
  
  1.0MB
- MD5
  
  22b7779314863ab98fdb44998b720eda
- SHA1
  
  613cf1c86321deac5a0a172b4290ca9b2fe1196a
- SHA256
  
  9784d4f3af63382e92105496844b25bc4e42e92305b7707c3fd6451c98c391f6
- SHA512
  
  bf133c5723b0056d5014e06207b1a1064e15c60304e14dcad0acd5427c179685ddf6a8f152406c2c8161d62530996cb89540e360f14966a9d3fb535cfd4dc68b
- SSDEEP
  
  12288:Wpl1K8tUyZmMRxEy0g6DxV54CRNCxOR3Is2OTo65dwWm2OKQqEsPEDigaDNlhXIg:FVC8hRMOTo65dwW1OKZ7PEDqNv4WaEw
Score

10^/10

formbook dr62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2