formbook

General

Target

e960f10f4c8fd0f6b380743439c91fdb.exe
Size

946KB
Sample

230609-kw59yscd9s
MD5

e960f10f4c8fd0f6b380743439c91fdb
SHA1

ccf3feb1d2f7e01c0732fee057e01d13285eb90d
SHA256

fbaea63cf0928cdd548719ce257ea3813b92a8765f561bbe7e8842e7d830b87e
SHA512

cf22f2fdb305bdff5a7d25a5d1e5e7db097df391e56f66cfc2c5118f1cf063a0123eb2be6e978d6909ca856fad814eb0be65d2ac45d3dab918ef3c8869d189db
SSDEEP

24576:PuHeMjlSADnET+YvWBThrbJnJz+ydKbxsg:2+Q7DErvchJ6QKFs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

toulouse.gold

launchyouglobal.com

margarita-services.com

dasnail.club

casa-hilo.com

hardscapesofflorida.com

thepositivitypulse.com

kkmyanev.cfd

love6ace22.top

castorcruise.com

chch6.com

h59f07jy.cfd

saatvikteerthyatra.com

fxsecuretrading-option.com

mostbet-k1o.click

36-m.beauty

ko-or-a-news.com

eurekatextile.com

gynlkj.com

deepsouthcraftsman.com

Targets

- Target
  
  e960f10f4c8fd0f6b380743439c91fdb.exe
- Size
  
  946KB
- MD5
  
  e960f10f4c8fd0f6b380743439c91fdb
- SHA1
  
  ccf3feb1d2f7e01c0732fee057e01d13285eb90d
- SHA256
  
  fbaea63cf0928cdd548719ce257ea3813b92a8765f561bbe7e8842e7d830b87e
- SHA512
  
  cf22f2fdb305bdff5a7d25a5d1e5e7db097df391e56f66cfc2c5118f1cf063a0123eb2be6e978d6909ca856fad814eb0be65d2ac45d3dab918ef3c8869d189db
- SSDEEP
  
  24576:PuHeMjlSADnET+YvWBThrbJnJz+ydKbxsg:2+Q7DErvchJ6QKFs
Score

10^/10

formbook btrd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2