formbook

General

Target

6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe
Size

700KB
Sample

231010-v988wafb4s
MD5

32eca73388c09d03aa06f7f87602fac2
SHA1

8fff30284e55a9c9cf8d1838bb2158249c8f9677
SHA256

6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60
SHA512

73e74da117a4ea5fb4fe5b1d44c6733d049ec2d35250f5340b0ba7aab73bd61f282f35762745a511b9bd98bdeee2ff3de19d176905dfbd5bb65a30640206545a
SSDEEP

12288:wbl/Hdeyg7s9dERt9vy64AvWxSWOhf6GxK0psn7TpBi2ZUfOr5eVssmnxSGcIoH:o/HdeP7s96/dD4AF1xgosZw2ZUfO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ur25

Decoy

discountstoreonline.store

profitwavemastery.com

cvqqrc9j.top

easyhub.xyz

dynamicelevateemporium.online

hlcapp.com

jayanamachine.com

agyaie.com

rentthecostume.net

jvjjdjsf.top

ratce.xyz

pensoupecas.com

nnc375.xyz

beingfrankwithcash.com

simplysoaps.store

jugouqduj.top

rampageoriginal.com

tigglywinks.com

stillnightjohns.fun

exchadom002.com

Targets

- Target
  
  6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe
- Size
  
  700KB
- MD5
  
  32eca73388c09d03aa06f7f87602fac2
- SHA1
  
  8fff30284e55a9c9cf8d1838bb2158249c8f9677
- SHA256
  
  6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60
- SHA512
  
  73e74da117a4ea5fb4fe5b1d44c6733d049ec2d35250f5340b0ba7aab73bd61f282f35762745a511b9bd98bdeee2ff3de19d176905dfbd5bb65a30640206545a
- SSDEEP
  
  12288:wbl/Hdeyg7s9dERt9vy64AvWxSWOhf6GxK0psn7TpBi2ZUfOr5eVssmnxSGcIoH:o/HdeP7s96/dD4AF1xgosZw2ZUfO
Score

10^/10

formbook ur25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2