formbook

General

Target

Shipping Documents.exe
Size

1.1MB
Sample

230529-lw79zsbb64
MD5

501077473c7260aa94be655173c8ad40
SHA1

dc677d38541268f2c4a42eb8ba71a6960a04efb3
SHA256

34834d278c8c71e3cc9d152c073cc444781465c285648630a1be19afab1abd24
SHA512

17a8e6021f6dccb9b5848ca6bc02146bd4a8242cf51f6bacbf6b732e7d0e97297337df729b4fd1f7f0abc0a0756122f0fd2a8495416504be65b275208b7e2ae3
SSDEEP

12288:5TLaa0X6S2iN6dn1tWKeMTmHY31v8nhaIdpMdZHs747yr5i6cNOYV2nw:Y510313TC0JIdks7iIv1bw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ca82

Decoy

idunresearch.com

loiioo1.site

aimobilify.com

limousineswebdesign.com

darshan-enterprises.online

javad.top

dd-spy.com

metamysme.co.uk

earticlesdirect.com

ldkj78v.vip

dariusevory.com

bestyoutubepromoter.com

dogcoinacademy.com

mestredosexo.net

mrnofree.africa

plan.rsvp

hoangnam.site

cadcamperform.com

091888.net

artwaylogistics.com

Targets

- Target
  
  Shipping Documents.exe
- Size
  
  1.1MB
- MD5
  
  501077473c7260aa94be655173c8ad40
- SHA1
  
  dc677d38541268f2c4a42eb8ba71a6960a04efb3
- SHA256
  
  34834d278c8c71e3cc9d152c073cc444781465c285648630a1be19afab1abd24
- SHA512
  
  17a8e6021f6dccb9b5848ca6bc02146bd4a8242cf51f6bacbf6b732e7d0e97297337df729b4fd1f7f0abc0a0756122f0fd2a8495416504be65b275208b7e2ae3
- SSDEEP
  
  12288:5TLaa0X6S2iN6dn1tWKeMTmHY31v8nhaIdpMdZHs747yr5i6cNOYV2nw:Y510313TC0JIdks7iIv1bw
Score

10^/10

formbook ca82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2