formbook

General

Target

PO610008532.exe
Size

2.0MB
Sample

230516-me7gsshc4y
MD5

b7dc4b65e6239c0d20bcb4b59f5c644c
SHA1

e166cebfa0fb6e9e04f64f2f61dca71b49ef9e44
SHA256

3fc300b0b16fefb8d0dc08f09803d7dbff6be6ea2a4c87833fb285499a3fc6f0
SHA512

851b73419737a32ce06701e1d5ecbc32be6a5777709460a81afdc92d2b8ca322ae3fd93650610959f7921b41ae5ef99d2859a9949918f94fe4a673b759ed2607
SSDEEP

12288:D/cOS13ZjYXegrTuXXlC+pEXdOMnmfVWWd8wWDOZQgOxwr:afPWDOZQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wm23

Decoy

ntjhe.com

180yq.com

bcxlb.com

haefelinger.net

bkwbroadcasting.com

kastraestates.co.uk

ayasca.com

89spa.com

denizmobile-com-tr.net

5nrb3v.site

dewi.africa

darnacme.online

satovsky.rsvp

deluxhomefurnishings.com

igminitruckersolingen.com

celtictransportie.com

deltakrian.com

bassettsrestauranttogo.com

digitalcharts.xyz

glassbong.life

Targets

- Target
  
  PO610008532.exe
- Size
  
  2.0MB
- MD5
  
  b7dc4b65e6239c0d20bcb4b59f5c644c
- SHA1
  
  e166cebfa0fb6e9e04f64f2f61dca71b49ef9e44
- SHA256
  
  3fc300b0b16fefb8d0dc08f09803d7dbff6be6ea2a4c87833fb285499a3fc6f0
- SHA512
  
  851b73419737a32ce06701e1d5ecbc32be6a5777709460a81afdc92d2b8ca322ae3fd93650610959f7921b41ae5ef99d2859a9949918f94fe4a673b759ed2607
- SSDEEP
  
  12288:D/cOS13ZjYXegrTuXXlC+pEXdOMnmfVWWd8wWDOZQgOxwr:afPWDOZQ
Score

10^/10

formbook wm23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2