formbook

General

Target

d9f11abb5fbd7478a8fe993cfe8aac52.exe
Size

762KB
Sample

230330-wcajqafa81
MD5

d9f11abb5fbd7478a8fe993cfe8aac52
SHA1

4ef674f52ba7fb3d8f6ba2ddd2466b5da24b9b20
SHA256

91d502f918a232073359481d07dc7ba2d21b7675bcdc3e3cd0440f1cc9557833
SHA512

249691279cf3c7e04e757eb1300e88c748245f4cd5e5029fb9dd7eea6de943d7cf4b3dc831b8ce84b96f43e11300f2071b3d5c6866fbd436cc038fd53fd063bd
SSDEEP

12288:NQxxBLyywVex3ozH9eqFYLIIm3JkKNzXsle5Cocz6:NknwVegHsqFIliBzXs8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ne28

Decoy

basic-careitem.net

healstockton.com

groupetalentapro.com

geseconevent.com

adornmentwithadrienne.com

lazylynx.se

forestwerx.com

labishu.com

hilykan.com

beyondyoursenses.co.uk

inno-imc.com

driverrehab.online

mantlepies.co.uk

sicepat.net

kiwitownkids.com

infiniumsource.com

motorsolutionswithmakro.co.uk

6pg.shop

zijlont.xyz

corpusskencar.com

Targets

- Target
  
  d9f11abb5fbd7478a8fe993cfe8aac52.exe
- Size
  
  762KB
- MD5
  
  d9f11abb5fbd7478a8fe993cfe8aac52
- SHA1
  
  4ef674f52ba7fb3d8f6ba2ddd2466b5da24b9b20
- SHA256
  
  91d502f918a232073359481d07dc7ba2d21b7675bcdc3e3cd0440f1cc9557833
- SHA512
  
  249691279cf3c7e04e757eb1300e88c748245f4cd5e5029fb9dd7eea6de943d7cf4b3dc831b8ce84b96f43e11300f2071b3d5c6866fbd436cc038fd53fd063bd
- SSDEEP
  
  12288:NQxxBLyywVex3ozH9eqFYLIIm3JkKNzXsle5Cocz6:NknwVegHsqFIliBzXs8
Score

10^/10

formbook ne28 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2