formbook

General

Target

revised order.exe
Size

999KB
Sample

230519-lbbqaafh3s
MD5

636227723ccecd4a363b94e6682e444c
SHA1

046b3afdbb518c8e85614075a4c8a5b6f4f4db34
SHA256

7cdbc9e74ca8d6119202864a709809712505bac9f32b6d60c552f01a1ac090c3
SHA512

e7797d6f9c6310369578f8f3a7a7249c3c2170999cedcac54ef970b28d6addf11ad8e1dcd6185b2a05bf043449f0d6650a4bdcc3101f14ce544082575b342e06
SSDEEP

12288:rS8hue/3H1Jdo/aNnIPVVkD2jFPCi9vgU9Ri28jlla945wbpoMJZztKNTuY4ICeF:rBPo/aGtVkDkFX/8jqRbFJnKhuYT7lP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  revised order.exe
- Size
  
  999KB
- MD5
  
  636227723ccecd4a363b94e6682e444c
- SHA1
  
  046b3afdbb518c8e85614075a4c8a5b6f4f4db34
- SHA256
  
  7cdbc9e74ca8d6119202864a709809712505bac9f32b6d60c552f01a1ac090c3
- SHA512
  
  e7797d6f9c6310369578f8f3a7a7249c3c2170999cedcac54ef970b28d6addf11ad8e1dcd6185b2a05bf043449f0d6650a4bdcc3101f14ce544082575b342e06
- SSDEEP
  
  12288:rS8hue/3H1Jdo/aNnIPVVkD2jFPCi9vgU9Ri28jlla945wbpoMJZztKNTuY4ICeF:rBPo/aGtVkDkFX/8jqRbFJnKhuYT7lP
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2