formbook

General

Target

New Purchase Order.exe
Size

680KB
Sample

230722-khk2vsag3t
MD5

643062ea861a7196b0df63d3e4255b49
SHA1

3f68331238a454483ec074f496da2d86b2f62b33
SHA256

bdc8c2c8c2cf14b3189551124ff820c303a36139830b0ce299f2538ef9c2ff06
SHA512

4280de1611cee42ea7f176ec518c6b444723effc4fa1cdbd640d8833935b88f8f92aa5284f76d31a237f367d7f68727f0c4ecf84409621508befacfebd6e9b15
SSDEEP

12288:ZWc/bUYIsYoln7v3T4Fv9g1SCuTaei676+7r8iJcxivpckh+0xYQ71kn/U5g:MiXrYomF9gihx6Mr8i7mkhbGa2q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ee2q

Decoy

uspbs.top

proflidi.com

fcsawftffcoffical.buzz

rustie.link

mflol.uk

safepalercclaim.buzz

tuomamoban.com

gxkchp.live

kfpu.store

bjcxks.com

netfiix-account.info

flyonex.com

faranstechtalk.com

littlenuggetproperties.com

greatpromo.site

bricepacific.com

yourhometownappliancerepair.com

citrixsettlement.com

delivery-broccar.com

inncur.space

Targets

- Target
  
  New Purchase Order.exe
- Size
  
  680KB
- MD5
  
  643062ea861a7196b0df63d3e4255b49
- SHA1
  
  3f68331238a454483ec074f496da2d86b2f62b33
- SHA256
  
  bdc8c2c8c2cf14b3189551124ff820c303a36139830b0ce299f2538ef9c2ff06
- SHA512
  
  4280de1611cee42ea7f176ec518c6b444723effc4fa1cdbd640d8833935b88f8f92aa5284f76d31a237f367d7f68727f0c4ecf84409621508befacfebd6e9b15
- SSDEEP
  
  12288:ZWc/bUYIsYoln7v3T4Fv9g1SCuTaei676+7r8iJcxivpckh+0xYQ71kn/U5g:MiXrYomF9gihx6Mr8i7mkhbGa2q
Score

10^/10

formbook ee2q rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2