formbook

General

Target

3c5bcd6427bdec6f9dc27f22123322a3.bin
Size

546KB
Sample

230514-bmmltace51
MD5

4d750abccea8f6b30e31b913264ff4c2
SHA1

dab4fee17dc4f52ce84f87f919fcb8b6a9e2284f
SHA256

fb6aefe01fe80cb008ca78c973a870ec37be812c80dd1cfb4179e2b0f912a4c9
SHA512

71d2839e92055c544f08dfd2ca9ab321cfdb52b01f3b3ac9aa47ea9af1ef9a4d89c27545c61713a67867c242759f5c838eadd3228eb0cf2e435bffa222433a77
SSDEEP

12288:aOO5GeuCGLZOPBbH+wTJr98uxw8t7vlWBmDuQmi2cq899it4q8:ajGeudVOPB6wTouGK7vP522itd8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  b9bdf17b0783f5b073ba007091604c0407e825b17ae8ae90bf53d2a2140341ba.exe
- Size
  
  668KB
- MD5
  
  3c5bcd6427bdec6f9dc27f22123322a3
- SHA1
  
  62d8f3e059e55e55ea27de88947689f06cc2551f
- SHA256
  
  b9bdf17b0783f5b073ba007091604c0407e825b17ae8ae90bf53d2a2140341ba
- SHA512
  
  672248efce41e4eace1901cdba6716b915e3c58c559f4cc1f24b7ec9adb7e8f13db44830729561177cc216fa8eaff31ca47faccb27d60fc620ee051a4123d114
- SSDEEP
  
  12288:U6whh2Y4Y8WfDrYfGJ68qDC1Hei74I+9:vwhh2fqrYfGJvqD2P7
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2