formbook

General

Target

invoice.zip
Size

680KB
Sample

230816-pmsdysag58
MD5

dfe058750f3718d527baf78c6fac9e15
SHA1

150a2d83de4a0a2039a66e29fc2d72cd4c372384
SHA256

e3921e3d49ebc5e8541b75a72dc137e89431e182ecf63d2dfc52d7be73455c3a
SHA512

1314fc51da3fcffb871bee2ffda56f177fcee140bfaddb8e852e38e9a17501e1f41a7e072e1263cf0a1b5db9548ee9ae979e96bb5d80f151b745ca3861288c65
SSDEEP

12288:Ldd4IPMUIW406PLKD3HBFYp5SMHaR6GFRI+EIWfgutt7t76cghbvL+:LPEUIWl6PLKgpi3FRI+EJBtt7t7yhbvS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e14e

Decoy

bekamwanitajogja.com

dysae21.xyz

warehouse-top-jobs.today

h53h.com

fertility.builders

coincallpro.com

gdlinternational.sale

r3hews.shop

sg199.com

whitehillmemorials.com

nadadedor.com

pamphletbox.com

4dsmartglass.com

avaluxuryliving.com

fatdog.club

insightinvention.com

exmigraine.com

bridxo.xyz

wy6zbsa.xyz

jithinvijay.com

Targets

- Target
  
  invoice.exe
- Size
  
  926KB
- MD5
  
  f93b86ab785cc1422188c476d3483ad5
- SHA1
  
  cb8e9cedad42afbf0a32cdc58643450fd149e6ad
- SHA256
  
  6217071ee755bb3de9914c5ee71161ed5666acd77c7cb6bd972d465707bf0613
- SHA512
  
  b7161e145dcf2ab24816866980f8afb42f0535e75a66c870c86f043140580203d94bd754ee35a52f2dc6722d282fdf48aa6f87b85ec7d97c8a6b80efc3258c63
- SSDEEP
  
  12288:D1PDogOtA1MUII0a6PCKv3rBtOpxP2eZrW2uvMrxJ8mJAsjFmR00lqTjgidAA:STUIIN6PCKCpxDrFyOxJ8aAwAgTjjA
Score

10^/10

formbook e14e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2