formbook

General

Target

SVD002837727.exe
Size

798KB
Sample

230607-lr7gwsaa8w
MD5

fdb52da6cf766fb4f0c56d3dac749faa
SHA1

32c1e7f2ac0506025ceafd8465fb5be2c61590bf
SHA256

6504563c0b530d8886ebe893983491e046949b70117d41c9baff7e8503e202dd
SHA512

a9aa3ad596173825499b88c3abf07ace7f407ffa90a0dce4c631ac3e8b0dd278f3a3be198a05726c0ca914474845efc249a6fb6482b11e4a03f89b67d10e4bd9
SSDEEP

12288:6ZyvbhaDnLMzIL2q+RTdOL8er5TXnrd2Bh5qj4lPucRd3nX88+c7vWbtNr9/2DIY:3OyqGUL8CTXSPuc7Xs7J/y2B/S

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

km37

Decoy

busybody.app

damcostafreda12.cat

blueridgebedracks.com

hilltopspice.com

addonysfitwear.com

bestridelabs.com

huashi366.com

1wihug.top

66563.se

96mvipmy.com

lab1207.com

80b80.app

graphicstudio53.com

xn--etherealsoires-mkb.com

bestrosetoy.com

discounthub.xyz

addmusthaveoppprofit.online

abovegame.biz

getv3apparel.com

designroom.app

Targets

- Target
  
  SVD002837727.exe
- Size
  
  798KB
- MD5
  
  fdb52da6cf766fb4f0c56d3dac749faa
- SHA1
  
  32c1e7f2ac0506025ceafd8465fb5be2c61590bf
- SHA256
  
  6504563c0b530d8886ebe893983491e046949b70117d41c9baff7e8503e202dd
- SHA512
  
  a9aa3ad596173825499b88c3abf07ace7f407ffa90a0dce4c631ac3e8b0dd278f3a3be198a05726c0ca914474845efc249a6fb6482b11e4a03f89b67d10e4bd9
- SSDEEP
  
  12288:6ZyvbhaDnLMzIL2q+RTdOL8er5TXnrd2Bh5qj4lPucRd3nX88+c7vWbtNr9/2DIY:3OyqGUL8CTXSPuc7Xs7J/y2B/S
Score

10^/10

formbook km37 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2