formbook

General

Target

SecuriteInfo.com.W32.MSIL_Kryptik.DWR.gen.Eldorado.11372.26670
Size

584KB
Sample

230830-qzvwaaeg51
MD5

d3a103b0ea9ff42f7fba597b1b42287b
SHA1

6162299a606c4ed6449ae8db8c872db81999f9e9
SHA256

2ea94454b1acb888df318792b9a81e621b95e54619d3306a4a11e26148fb3fe3
SHA512

738b3d98ab54b9e500ad0bce1858313aea9aece0c371fb9395918c1b30ef135789e854388f00ba6981f2040f464ac52c1d52fd01942ebc0d2ea04b820dde5eee
SSDEEP

12288:1O6ULrAhKbW4TvzithdEqJ+WvH/RvqbIVeJ7iED02kQlEoQ:0LrNbB7WLEqk4HpSbIVTEDjRJQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1r9

Decoy

brightlegalclub.com

90008555.com

nakedfitness.club

asdfcdxsz.link

ocp9z047.click

1xbet-znx.top

takmeeiiom.online

loveofacoffee.com

elodieshiatsu-bienetre.com

waijaihome.com

loanslatvia.today

nbdgt.club

celicrt.online

onsitecomputers.net

learnwithfad.com

civilservice.app

grecoemploymentlaw.com

7780to1.com

ontimefishing.com

extremepaverfl.com

Targets

- Target
  
  SecuriteInfo.com.W32.MSIL_Kryptik.DWR.gen.Eldorado.11372.26670
- Size
  
  584KB
- MD5
  
  d3a103b0ea9ff42f7fba597b1b42287b
- SHA1
  
  6162299a606c4ed6449ae8db8c872db81999f9e9
- SHA256
  
  2ea94454b1acb888df318792b9a81e621b95e54619d3306a4a11e26148fb3fe3
- SHA512
  
  738b3d98ab54b9e500ad0bce1858313aea9aece0c371fb9395918c1b30ef135789e854388f00ba6981f2040f464ac52c1d52fd01942ebc0d2ea04b820dde5eee
- SSDEEP
  
  12288:1O6ULrAhKbW4TvzithdEqJ+WvH/RvqbIVeJ7iED02kQlEoQ:0LrNbB7WLEqk4HpSbIVTEDjRJQ
Score

10^/10

formbook u1r9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2