formbook

General

Target

uzomazx.exe
Size

1.0MB
Sample

230827-ltx18sgh42
MD5

c178cb400a5d151c4e59640ca55b604a
SHA1

2f335f8791e3effef43c8f3441d9573f70ea22e9
SHA256

903bfcbe2d85143ad723b47ed1edc96f5416fa3b584fe76e74d75e93ff4b2e64
SHA512

fcc86d5858403f0a93ce1bda799e88338ad758403c1c6124ac181d61725052e0e1bd99edf1beff341cb576d085b63d3b78966c56a8b79cdf56b8d60a28e28527
SSDEEP

24576:j1u6u4RbJDAzdUqYyDim6cF56gemFZiPZHWxEGPnqdOp:jV9RbJwdtim6cF5sR2xEGPnqdO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ua69

Decoy

uslanmayizz.com

rrucrowd.com

nerexy.online

guolang-clan.com

meteleabogados.com

sh-gottipati.com

themesmiui.com

anananlan.com

roghanala.com

yekitiba.com

echoskinco.com

btlpour.xyz

shoyo-samaa.com

fuzzywumpus.net

malerzeit.com

xiam.online

brandibraunalissa.com

cryptominis.pro

we-living.com

dc-invest.online

Targets

- Target
  
  uzomazx.exe
- Size
  
  1.0MB
- MD5
  
  c178cb400a5d151c4e59640ca55b604a
- SHA1
  
  2f335f8791e3effef43c8f3441d9573f70ea22e9
- SHA256
  
  903bfcbe2d85143ad723b47ed1edc96f5416fa3b584fe76e74d75e93ff4b2e64
- SHA512
  
  fcc86d5858403f0a93ce1bda799e88338ad758403c1c6124ac181d61725052e0e1bd99edf1beff341cb576d085b63d3b78966c56a8b79cdf56b8d60a28e28527
- SSDEEP
  
  24576:j1u6u4RbJDAzdUqYyDim6cF56gemFZiPZHWxEGPnqdOp:jV9RbJwdtim6cF5sR2xEGPnqdO
Score

10^/10

formbook ua69 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2