formbook

General

Target

COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
Size

661KB
Sample

230523-smwm6agg2y
MD5

52884584e2bbbd4506596bf9cdebd4f1
SHA1

2d1a5c85486065bb8e947148ab2d0b22d87da8ef
SHA256

250a1e2888f6048ef783f5b580b000127d052371042c70b25497fe000ea662b5
SHA512

f807fa5abb52d9acbda3fc4f680324526fb7f898f844503d8df57bfa24f5391b23ba4dcb1471cc233a88c1aefc4bd558201c698edfb8a1623faf741f7faadeeb
SSDEEP

12288:E2iN/tAqWV7ej9J7k5LXkW/qXo59YPHcnN/tqjg8ca:E1htAX0j9wkR8nN/Ejg8ca

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

upa6

Decoy

farmaciadelverde.com

1whcfc.top

djameshomes.com

kylepauley.social

dawncharitabletrust.com

leverdurable.com

bluxban.online

oceansideglass.net

pcdcompusoft.com

dlunion.net

continuumadvisorypartners.com

tvlfood.com

pillblue.co.uk

1win-site-3.top

e32mbe.shop

mawelk.xyz

garage365.online

commonwealthbank.online

xw-04.com

smartcitiesrecruitment.co.uk

Targets

- Target
  
  COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
- Size
  
  661KB
- MD5
  
  52884584e2bbbd4506596bf9cdebd4f1
- SHA1
  
  2d1a5c85486065bb8e947148ab2d0b22d87da8ef
- SHA256
  
  250a1e2888f6048ef783f5b580b000127d052371042c70b25497fe000ea662b5
- SHA512
  
  f807fa5abb52d9acbda3fc4f680324526fb7f898f844503d8df57bfa24f5391b23ba4dcb1471cc233a88c1aefc4bd558201c698edfb8a1623faf741f7faadeeb
- SSDEEP
  
  12288:E2iN/tAqWV7ej9J7k5LXkW/qXo59YPHcnN/tqjg8ca:E1htAX0j9wkR8nN/Ejg8ca
Score

10^/10

formbook upa6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2