formbook

General

Target

shipment document_for your review_2543846930.exe
Size

730KB
Sample

230420-qf3f1sca4x
MD5

daf38969ea84ef75b59a19518ecb825c
SHA1

ffad234dfc77ff46bd7872cf469823cc33c719c0
SHA256

bd407e66453e00d96368122b1d8761c995aa3a9606995dbd46ec1629debb18ed
SHA512

22812c7dac0d6c5344edd45b81f455945f670c656384f386cb1fe9fafa6331a7862e985374f23b4cbc7d57e2e73b890be1c539009d12f677f38a8b6831ad78cd
SSDEEP

12288:uDiE3lkHMH91DzZZlEOfaNbv6dxx99WKvkdsua9cFcPVl/4A/pH:uDlkHMd1DtXANbvkt9WKusuhFcPVxVH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c29i

Decoy

chrestheryulelog.com

awesomecustomerservice.com

4455m.net

vonek76k.com

zwelishaprojects.africa

bbangnmoolgogi.com

howickmenswears.com

ba225.com

ipl2018livescore.com

ohprovider.co.uk

handymanservices.shop

1wzxtq.top

busy-people-gifts.com

invited.rsvp

heihei.fun

micloudlogin.page

hwyi1319.com

alitechnologyes.com

hysminai.com

liuyikj.com

Targets

- Target
  
  shipment document_for your review_2543846930.exe
- Size
  
  730KB
- MD5
  
  daf38969ea84ef75b59a19518ecb825c
- SHA1
  
  ffad234dfc77ff46bd7872cf469823cc33c719c0
- SHA256
  
  bd407e66453e00d96368122b1d8761c995aa3a9606995dbd46ec1629debb18ed
- SHA512
  
  22812c7dac0d6c5344edd45b81f455945f670c656384f386cb1fe9fafa6331a7862e985374f23b4cbc7d57e2e73b890be1c539009d12f677f38a8b6831ad78cd
- SSDEEP
  
  12288:uDiE3lkHMH91DzZZlEOfaNbv6dxx99WKvkdsua9cFcPVl/4A/pH:uDlkHMd1DtXANbvkt9WKusuhFcPVxVH
Score

10^/10

formbook c29i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2