formbook

General

Target

Inv_7623980.exe
Size

716KB
Sample

230504-gmfq6aab84
MD5

866992e686690dd0c538561db3d2b85b
SHA1

050d57066eef80c7099a3be4816c44aae94d63de
SHA256

d30f415758c3cab377c63b3dd5a043d83d153c47a8f6aae56e88c5868d090556
SHA512

e2d8a02b45f2dad782dc33d06b1877c5786491c5db34857d1b2d940c158f47bcde8f1db6950ba850da9e838c9d9883617b3117bf206b578efe5eabcbed0338e1
SSDEEP

12288:6svC6YN1PTGEDUuw23Klrf7QauaCVo9Sep8ceibRdcEBFEqdYG:sLDqDULrogfcVBFEqdY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  Inv_7623980.exe
- Size
  
  716KB
- MD5
  
  866992e686690dd0c538561db3d2b85b
- SHA1
  
  050d57066eef80c7099a3be4816c44aae94d63de
- SHA256
  
  d30f415758c3cab377c63b3dd5a043d83d153c47a8f6aae56e88c5868d090556
- SHA512
  
  e2d8a02b45f2dad782dc33d06b1877c5786491c5db34857d1b2d940c158f47bcde8f1db6950ba850da9e838c9d9883617b3117bf206b578efe5eabcbed0338e1
- SSDEEP
  
  12288:6svC6YN1PTGEDUuw23Klrf7QauaCVo9Sep8ceibRdcEBFEqdYG:sLDqDULrogfcVBFEqdY
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2