formbook

General

Target

Release pending bookings now.rar
Size

606KB
Sample

230605-nhnpjagb72
MD5

f5133680e0c73462a385541e004cbd21
SHA1

6c552857af56698686bb365a7be488d9921e6785
SHA256

4d86ca8f4deaffa4779027e6aa03ddd63b8b7b035e1344a609ea1fadbd1040bb
SHA512

378e24f324ec7bb4a11c20947a88801699f6ad963e444e7a69c8d47ee21f391c5f485699794992f233d6a5243492e8267e6349afb35e0df429e457cac3a07371
SSDEEP

12288:Yhdo+Qzgju2TUZoOawpEbetKNdE9w2nVFMuBYMs408SlXYuvtxUONV9LF7:d+Q8XT+mbetKNdE9t6uBY+hSlIuDUON5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  Release pending bookings now.exe
- Size
  
  1.0MB
- MD5
  
  3bef2dbbf3e0ac085648e48ef452773b
- SHA1
  
  b28b14b6c2e553491c800ef28f65e5f7cf1fee8b
- SHA256
  
  041e8def9ed010055a5b366d501d80f49601e6c8650470c7163addb52a45e634
- SHA512
  
  6ffba388a9874fa10f685c5409616f4bcd575308dfbbfb2279b9989fe7cec224a9412b3acd11e1d69e3085892c05e2352411bb797f53db220532b2d998ce4693
- SSDEEP
  
  12288:MNMN0wkqh+X0K2o1K7TIwbgLUUFf23QhDcqo3YuoacafT1Bs/:8OhUR8TlgoMZckHac4Q
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2