formbook

General

Target

AWB728590890733.exe
Size

710KB
Sample

230606-pt2k7sdf62
MD5

87b004d6cfed1e107af2c41fddfdbfaf
SHA1

9eb4da63763dd7bcaaf674476fd746dfe555a462
SHA256

44ca2fb5336865c635d0c1f4c75cfecec1b4fad8fe3de812c048c223cc06fba3
SHA512

9bbc2266987f2ecafbd8dc1507fe63532976ba74a03c6b5ebf8ff3caa9a913454e3caf447d13c722c8973339868428039d5d0e2345e00a24bb45604466387ec3
SSDEEP

12288:YsIduS2iNfmFx2iqNhujGjUE11rBrUPLjsRG8oP+IAs3Nl6bAlzbuDCpq98:YsIduS1lmFxU3NrUMR4P153N1zbQW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs94

Decoy

dhaliwal3.com

iptvebay.shop

hsfgass33.top

cammali.com

dcleaningseevicesltd.co.uk

amzosecsn-jp.icu

builtmedia.co.uk

duoguang.top

forumken.net

cqivrh.cfd

lr-nexusark.com

carrirae.shop

jtownexclusive.africa

georoiddemo.online

lefinet.com

otc.rsvp

kitchenpharmacy.co.uk

bbywafz248xca4.com

digijockey.com

9-ji.com

Targets

- Target
  
  AWB728590890733.exe
- Size
  
  710KB
- MD5
  
  87b004d6cfed1e107af2c41fddfdbfaf
- SHA1
  
  9eb4da63763dd7bcaaf674476fd746dfe555a462
- SHA256
  
  44ca2fb5336865c635d0c1f4c75cfecec1b4fad8fe3de812c048c223cc06fba3
- SHA512
  
  9bbc2266987f2ecafbd8dc1507fe63532976ba74a03c6b5ebf8ff3caa9a913454e3caf447d13c722c8973339868428039d5d0e2345e00a24bb45604466387ec3
- SSDEEP
  
  12288:YsIduS2iNfmFx2iqNhujGjUE11rBrUPLjsRG8oP+IAs3Nl6bAlzbuDCpq98:YsIduS1lmFxU3NrUMR4P153N1zbQW
Score

10^/10

formbook cs94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2