formbook

General

Target

Inv_7623980.rar
Size

526KB
Sample

230519-jsn1tsfe41
MD5

da3970f95716efa57f80ce202111c26d
SHA1

a551f2ff2a0fef51362df45251f81539981ce9f8
SHA256

19212e9ee735e4b773671add4df8b9ac059ce9d59011238044b17643ad8e14fe
SHA512

b67ec298aef6e57a8206e27bd582b0bce90827f3274dd17a87a520f06c33578d037c310ccc5ab3725e630fb63fe0b3bb5b9e2c2739f2634059d19b407964e6de
SSDEEP

12288:puH6DlJ0p+PVRx9cX3Ygvx8HEc2tLpFHaWSkAGkYnth2OH:MH6DlJ/NR+33c2tL2kAIh2OH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  Inv_7623980.exe
- Size
  
  711KB
- MD5
  
  9fefd93d8530102d9b1689d0aa233e51
- SHA1
  
  6c3f12a9fa864ac8c783da3f2a5b75254a692f85
- SHA256
  
  3017b026d0925919ad8085d523f83235fa84ead58d1399576e60e6183003820e
- SHA512
  
  45754db3bd5cc9d11d42f5b226efceac2b9694188e5843ccc28b103b005776e92b859f0fcdb7a192b7ed22fd00001ee21c15def22446c8deb07e2375a9ccb3e5
- SSDEEP
  
  12288:4MqBGppnzSOTzo6rv625OPX4EaxKqHcTZK9Mlr:9q0pBSOTc6Dn5MX4uq8Zz
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2