formbook

General

Target

QUOTE REQUEST 047855273660.exe
Size

725KB
Sample

230710-ll5q4sae71
MD5

065cf92b7519116b3cbb416e7d31dfba
SHA1

706b218470e606e34d6605b6ed776f67c35efc94
SHA256

091305d3595b7324e7fb674b6120cdb142a6196e796f890fd625e76a014211e8
SHA512

588e33825a813d9ed577e76c8926246633886b6f653f5ddc6f515c16fffbf5438018ba71eb720251d3d53bde1a780acdeb3723148ee6b8604cc168375b451f37
SSDEEP

6144:/Jepo8KR2VeL6CIVNcCCBxvIM+PBJUWaYh08H+xxPC8ZhG1xVaqklq5LTyrHsVfm:amZQVtY9GA/4QWM723tlC1tRX0po/9D

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy95

Decoy

do-si-dough.com

cchapmanganato.com

04it.icu

kawebdesign.site

oasisconnects.com

op091.com

psychicstandupcomedy.com

harveylee.online

x55568.com

orbinlopez.one

45745931.buzz

undiereleaseco.com

cludybot.net

sailtmtbar.com

siennashih.com

premintxyz.net

xn--bj4bt9j.com

giornalaiditalia.com

colorfullemonade.com

baddiebearz.com

Targets

- Target
  
  QUOTE REQUEST 047855273660.exe
- Size
  
  725KB
- MD5
  
  065cf92b7519116b3cbb416e7d31dfba
- SHA1
  
  706b218470e606e34d6605b6ed776f67c35efc94
- SHA256
  
  091305d3595b7324e7fb674b6120cdb142a6196e796f890fd625e76a014211e8
- SHA512
  
  588e33825a813d9ed577e76c8926246633886b6f653f5ddc6f515c16fffbf5438018ba71eb720251d3d53bde1a780acdeb3723148ee6b8604cc168375b451f37
- SSDEEP
  
  6144:/Jepo8KR2VeL6CIVNcCCBxvIM+PBJUWaYh08H+xxPC8ZhG1xVaqklq5LTyrHsVfm:amZQVtY9GA/4QWM723tlC1tRX0po/9D
Score

10^/10

formbook jy95 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2