formbook

General

Target

DHL_AWB_907853880911.exe
Size

599KB
Sample

230808-hm25tsce9v
MD5

84783a2493baf6e8db916c57e81f90bc
SHA1

bb4360a60ae5d25d1d90790ee993de7a1a0f5ed2
SHA256

556c89d97bff251e5a6e5db0b9e7dc69f11752758538ecbba759c9347ae4b2a9
SHA512

52c971a43bdd8e5030a9f7472b4e510e700d7227f52d66fa3a1f907a1b1ea7cc6f6ffd3b3801f985a8d2f141c140ded2fcca12cb9c188875e463bd9d8b8a7c6f
SSDEEP

12288:MgniF9czTFlkDiVgWMLudJ9eJP2+LbxowdZWUMMytEAiV5:MgniUPFkiPXgJTbew3WUfyN+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f1w6

Decoy

yourcomplexproject.com

ceoclubonline.com

omkararts.com

oldiefans.info

kalendrgptapp37.com

expetowing.com

531008.com

shguojibu.com

proartesmarciales.com

mlo564.xyz

canada-topsales.com

your-local-girls.info

hitroader.com

hoagiepalooza.site

wallstreetbull.online

pw786.vip

salamcleaning.com

carbon-cars.com

playacabarete.net

ifgfunds.com

Targets

- Target
  
  DHL_AWB_907853880911.exe
- Size
  
  599KB
- MD5
  
  84783a2493baf6e8db916c57e81f90bc
- SHA1
  
  bb4360a60ae5d25d1d90790ee993de7a1a0f5ed2
- SHA256
  
  556c89d97bff251e5a6e5db0b9e7dc69f11752758538ecbba759c9347ae4b2a9
- SHA512
  
  52c971a43bdd8e5030a9f7472b4e510e700d7227f52d66fa3a1f907a1b1ea7cc6f6ffd3b3801f985a8d2f141c140ded2fcca12cb9c188875e463bd9d8b8a7c6f
- SSDEEP
  
  12288:MgniF9czTFlkDiVgWMLudJ9eJP2+LbxowdZWUMMytEAiV5:MgniUPFkiPXgJTbew3WUfyN+
Score

10^/10

formbook f1w6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2