formbook

General

Target

NEAS.9d507d3f7b58d898ff10eb7443b6feb32ea2ea6972d3ceafa67e2e0a1d0504feexe_JC.exe
Size

575KB
Sample

231023-v9kkhsdd85
MD5

c1feb44ae338eb00dbe923fd56d5a18a
SHA1

26e1bc57820890dff65966d74f66019403fadcdd
SHA256

9d507d3f7b58d898ff10eb7443b6feb32ea2ea6972d3ceafa67e2e0a1d0504fe
SHA512

fff511f1e1031adfc3cd9457298ff5e1ef16201200b6ad1a769331a3d915a18ced09d82b32e3fd3f2e8556a5f85fab5d04a2114349a09850a72325b4fbddcc82
SSDEEP

12288:E/jNu5VoGUpQCYaSm2KuJPkoF+KUr94xsJwQZG588YrX10/4:ELNu5Vo2CYaRBuJPkoUpp4s85

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k0p2

Decoy

theluxurytraveljournal.com

skybet10.com

mountruqal.online

onlyones.xyz

kloea.top

studio7crochet.online

dhv9gmy.top

walkereld.com

script-shore.com

bwerger02.xyz

clempi.xyz

lishapanchal.com

imagemaza.com

ludu65.com

zenith-leadership.com

undertheradar.zone

802cm.top

budeny.com

piabellacasino338.com

eclipse-demolition.com

Targets

- Target
  
  NEAS.9d507d3f7b58d898ff10eb7443b6feb32ea2ea6972d3ceafa67e2e0a1d0504feexe_JC.exe
- Size
  
  575KB
- MD5
  
  c1feb44ae338eb00dbe923fd56d5a18a
- SHA1
  
  26e1bc57820890dff65966d74f66019403fadcdd
- SHA256
  
  9d507d3f7b58d898ff10eb7443b6feb32ea2ea6972d3ceafa67e2e0a1d0504fe
- SHA512
  
  fff511f1e1031adfc3cd9457298ff5e1ef16201200b6ad1a769331a3d915a18ced09d82b32e3fd3f2e8556a5f85fab5d04a2114349a09850a72325b4fbddcc82
- SSDEEP
  
  12288:E/jNu5VoGUpQCYaSm2KuJPkoF+KUr94xsJwQZG588YrX10/4:ELNu5Vo2CYaRBuJPkoUpp4s85
Score

10^/10

formbook k0p2 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2