formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.2409.15933.exe
Size

618KB
Sample

230922-e4tm8sda2s
MD5

39ef5b03e636dfabb4ee99552257d100
SHA1

22b3b48c35902bb7a95bfe49a0213d6a3113898e
SHA256

0192232934b2f9ae2a37ac4c8188f70804acd4c6718c95a47710f49e2f9ae9b1
SHA512

958030a35ecac93eaccc812df7e20e68446672e4f0c713dbbe6721a316b6bd49c1ba9304a8fe50ed16b7f59b2e27d4b84676e8ce68e3f1622385a91b88688b40
SSDEEP

12288:oV/rD67+XIAw4WbKPnt4nPSjwf+EQsDdlXfbR+5yqemf+s0K:YD1IoWbKPnenswf+JsppbRCemWDK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1r9

Decoy

brightlegalclub.com

90008555.com

nakedfitness.club

asdfcdxsz.link

ocp9z047.click

1xbet-znx.top

takmeeiiom.online

loveofacoffee.com

elodieshiatsu-bienetre.com

waijaihome.com

loanslatvia.today

nbdgt.club

celicrt.online

onsitecomputers.net

learnwithfad.com

civilservice.app

grecoemploymentlaw.com

7780to1.com

ontimefishing.com

extremepaverfl.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.2409.15933.exe
- Size
  
  618KB
- MD5
  
  39ef5b03e636dfabb4ee99552257d100
- SHA1
  
  22b3b48c35902bb7a95bfe49a0213d6a3113898e
- SHA256
  
  0192232934b2f9ae2a37ac4c8188f70804acd4c6718c95a47710f49e2f9ae9b1
- SHA512
  
  958030a35ecac93eaccc812df7e20e68446672e4f0c713dbbe6721a316b6bd49c1ba9304a8fe50ed16b7f59b2e27d4b84676e8ce68e3f1622385a91b88688b40
- SSDEEP
  
  12288:oV/rD67+XIAw4WbKPnt4nPSjwf+EQsDdlXfbR+5yqemf+s0K:YD1IoWbKPnenswf+JsppbRCemWDK
Score

10^/10

formbook u1r9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2