formbook

General

Target

Release Pending.rar
Size

979KB
Sample

230602-mrhdfabd5t
MD5

44140c0e9a29e8d62db656b799bcd534
SHA1

3eabf5292dd744f8823269c56fa14858675f6242
SHA256

6ba41a457ec592e2539b9a1fca52ac5ea91288b04150edc01c6db17270ebaafa
SHA512

d53f2dbe114e834bed1b2d2afa4770e9132ec8304107d99810b9585ddc4cead01338663994b51e2b724e9e33aa49179ce273629d9eee62eaa1788c7909b131e0
SSDEEP

24576:7fumamvv6mb+idxDtG+6LpRwxpBf9x/g9I9:7movim6SxwDL/EpBfGI9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  Release Pending.exe
- Size
  
  1.1MB
- MD5
  
  08bdb251d619b9d222c5481e4432339c
- SHA1
  
  49c9d1af7565e7babd6df49890555a8a8aa3a534
- SHA256
  
  1312d3fc06f4908cc94cc07e86ae369116a825b7fbd22b98d54b04e6c3ac59b5
- SHA512
  
  63ba4fd6150fd5ccc65023927a6d64fc7806312f6edb6e2e091a57f6e0e8c6365e67d240e6699d622790d75339d751dc02c66e99929f18f65462fabf122de921
- SSDEEP
  
  24576:ztjW/47VJyA5nucMY7AH979NrGGws3z67Y9Ea9RZN6RVyDU:ztjW/iF5nnNcjrjXmU9tZMXyo
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2