formbook

General

Target

b1d6939bbb4a9f66306d13bd4b0cd7a59fbe69c451c3bd2df836a65c1114f70a
Size

800KB
Sample

230705-mjdqaadb3x
MD5

ec39b68632b1c21cce891735808e5bad
SHA1

367eb9ce7776adb301bdd27f51ac632e10184482
SHA256

b1d6939bbb4a9f66306d13bd4b0cd7a59fbe69c451c3bd2df836a65c1114f70a
SHA512

9bce138a8be3c9272c883e230eedbee66b8070c34ebe1c8c6dfe1bea1813fcd28800a95720fee10910a64eaa25b0b2b3cf24502b73ef4f88cd5e22aefa69794e
SSDEEP

12288:ioAcuF6mn1DHLZnvJ15iOe42KMu/N3mWhQmwmJCMpU+ZPjyzggl9SoUNUEkN/m8V:giOV/NOa7Pjysg2pYTY9ozxwU8EJBKM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct45

Decoy

aeepi.com

lifestyledoneright.com

dilojakac.cfd

vievnsfabula.xyz

jiggirirecords.com

sklaap.xyz

prepper.day

tahta4d-vip.info

p94d3.xyz

17819.vip

gptvoucher.com

ig2x0m.com

croppdtt.com

hnnhiuqme6e701.xyz

zeis.xyz

w77773.com

inspantringa.cfd

webnative.xyz

haahhuzns1okd1.xyz

thinkingmansguidetowomen.com

Targets

- Target
  
  b1d6939bbb4a9f66306d13bd4b0cd7a59fbe69c451c3bd2df836a65c1114f70a
- Size
  
  800KB
- MD5
  
  ec39b68632b1c21cce891735808e5bad
- SHA1
  
  367eb9ce7776adb301bdd27f51ac632e10184482
- SHA256
  
  b1d6939bbb4a9f66306d13bd4b0cd7a59fbe69c451c3bd2df836a65c1114f70a
- SHA512
  
  9bce138a8be3c9272c883e230eedbee66b8070c34ebe1c8c6dfe1bea1813fcd28800a95720fee10910a64eaa25b0b2b3cf24502b73ef4f88cd5e22aefa69794e
- SSDEEP
  
  12288:ioAcuF6mn1DHLZnvJ15iOe42KMu/N3mWhQmwmJCMpU+ZPjyzggl9SoUNUEkN/m8V:giOV/NOa7Pjysg2pYTY9ozxwU8EJBKM
Score

10^/10

formbook ct45 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2