formbook

General

Target

6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d_JC.exe
Size

650KB
Sample

230930-pyjk7aca5s
MD5

e189c425869e466d842c472d895035d7
SHA1

e50796539a9fd5c50f6569c00c2d01709bf203db
SHA256

6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d
SHA512

49c10e95d653531d4f92c3377f351c5639971fb58513aac23c803bb4ba930de101c20dd77649e1dd7bb207e6ba64150af2c99deb174bb7a5d62fe948b6d308f1
SSDEEP

12288:VcrAckjQ5bLSqHcGdDY30I3lYPiICl45mLPKNDOvNvttVZeDh1:OkabLjcIc0I3l4wlBLCm7V

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4hc5

Decoy

amandaastburyillustration.com

7141999.com

showshoe.info

sagemarlin.com

lithuaniandreamtime.com

therenixgroupllc.com

avalialooks.shop

vurporn.com

lemmy.systems

2816goldfinch.com

pacersun.com

checktrace.com

loadtransfer.site

matsuri-jujutsukaisen.com

iontrapper.science

5108010.com

beidixi.com

21305599.com

peakvitality.fitness

osisfeelingfee.com

Targets

- Target
  
  6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d_JC.exe
- Size
  
  650KB
- MD5
  
  e189c425869e466d842c472d895035d7
- SHA1
  
  e50796539a9fd5c50f6569c00c2d01709bf203db
- SHA256
  
  6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d
- SHA512
  
  49c10e95d653531d4f92c3377f351c5639971fb58513aac23c803bb4ba930de101c20dd77649e1dd7bb207e6ba64150af2c99deb174bb7a5d62fe948b6d308f1
- SSDEEP
  
  12288:VcrAckjQ5bLSqHcGdDY30I3lYPiICl45mLPKNDOvNvttVZeDh1:OkabLjcIc0I3l4wlBLCm7V
Score

10^/10

formbook 4hc5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2