formbook

General

Target

d67d9bf7354e7969abe6a4ced998b145.bin
Size

615KB
Sample

230426-b9halsec94
MD5

78c3234feea68c6528ce9b03a751a9e1
SHA1

d2a05de02295916d8f4acd11fdd588417b5062bd
SHA256

d8a138fbcb8fd354203f749dcd8e70f21a19af4935bb3cd9f34fa3ac74ce561b
SHA512

599283fdfa46633da0beb6ed0600cbc1792b6b5ffe4d9c5b95f470b47978ea2a05237d739d999de6423c66ab8bb5efb2d8c7721e6cbf805f600db54aa6509d5a
SSDEEP

12288:sgdGHSiugxRr6RuPdFOwouAPbQO7i7Qa/QuLvfjCAQKYa5RR5:3dGH64R6RgOwhk7iZ9vf2dKY6RR5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

toulouse.gold

launchyouglobal.com

margarita-services.com

dasnail.club

casa-hilo.com

hardscapesofflorida.com

thepositivitypulse.com

kkmyanev.cfd

love6ace22.top

castorcruise.com

chch6.com

h59f07jy.cfd

saatvikteerthyatra.com

fxsecuretrading-option.com

mostbet-k1o.click

36-m.beauty

ko-or-a-news.com

eurekatextile.com

gynlkj.com

deepsouthcraftsman.com

Targets

- Target
  
  c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3.exe
- Size
  
  718KB
- MD5
  
  d67d9bf7354e7969abe6a4ced998b145
- SHA1
  
  12ac15d5eb62eb68f88d6bd149497a57e43e6fa2
- SHA256
  
  c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3
- SHA512
  
  e7c15ba7dbbdd0d7ea7103079feead806252dbf80a0d129f15c400614703e3380d1c6c68984dad1f932d5ef7d10a28867667ee5fc13413498546ad41d3806204
- SSDEEP
  
  12288:0ZgjjkkCS3OydyH73bJ4gnVfo2ZQTR23onxpQH3oJSAT1i1NFW49Mx:0ZgjjkkCSPySN2ZQk4nxQ3cF0Mx
Score

10^/10

formbook btrd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2