formbook

General

Target

1eb4693c46dbaf9764ff25be6ba4300a0044c790c3e9a73640329e30ed7d67b2
Size

573KB
Sample

230919-dfmz4sge92
MD5

0aeb3851024beb674347b5a816e0ac6e
SHA1

249113eee8d7f11c8a634f0e0923ce6a248e8d5f
SHA256

1eb4693c46dbaf9764ff25be6ba4300a0044c790c3e9a73640329e30ed7d67b2
SHA512

3d61f875ff867bafe99ee05aa84737f510539bf3a12ae8c09a6f89d7111befdb181abb69e2499d3d6bd204a2ec4d8c6906b6f5f797738bfc458605d13d86dca9
SSDEEP

12288:5pLemNo+8ImRxPpz/AaKjDe47poiaBIdhgkahmQHGv:5t8ImR7z69ocYkahbmv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m0u5

Decoy

thefdigroup.com

ashirovinc.com

nbkbj.com

sundirect.cloud

watertreegirls.com

transportevolpara.com

shohagit.com

warna99.net

infsodex.online

fansjolt.com

ourrajasthan.com

secretgardenbuys.com

italyimportvinhos.com

gxzfwx.com

aujhgk.buzz

75313a.com

tertians.com

asansys.net

jacksonsportsmemorabilia.com

globalkamp305.com

Targets

- Target
  
  RFQ_Brazil.exe
- Size
  
  665KB
- MD5
  
  8c9063c775cdc83e37cc1627c2db4e35
- SHA1
  
  fdb299c90896fe4da7296eea45e435eeaea01a93
- SHA256
  
  ee68eb97a5b52851a5154c7078391f42c63dc93e093cfce520f57146bc1b2973
- SHA512
  
  7deb68cc997fd3e049654c42c294317ab881ba72cb6bcb9d4ce0f499594d9c2a3a49125a217761c4a8d712e7838a50533bda464270cd309f3075fefe8fd91ae1
- SSDEEP
  
  12288:+6n+XfJw1UN1PLRksi04MgJjIMbDu5innGNMd4MxajKRM9Hg:DKBw+JNc0EtSq5PIH
Score

10^/10

formbook m0u5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2