formbook

General

Target

SKM_TR0020102023 pdf.exe
Size

545KB
Sample

231122-hr3l6aag78
MD5

c03304f61e279fd0608c9f45e978ba9a
SHA1

0e25baf5f637cb53d811c28d0f110d1ed6e692f1
SHA256

08bd19ee270606f776e998984c478e35eb93b7a8eade7c4d945d2869ece51ed9
SHA512

c9ce7463c91ce23a70d27e2f8639d2343652234a430108d8360ff1c0190aa8b044e8d0f21f9c75bf025d13473943bc0f88e6647ae79711c5a7da61d8c4559af8
SSDEEP

12288:38oUQsNpeR1lxn2BnlaJQyMpUEviTNcIkHd:s/QIpeR/pscJEviJI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g11y

Decoy

dianedaily.com

grabius.fun

aboodivesakaran.com

ttasum.site

softlytictechpro.com

charlenenicholls.com

money254.info

saleanycoin.com

zhlnas.top

bushelandabean.com

ggaperformance.com

rm168vip.life

getconsol.com

empower-excellence.com

pompgarden.com

spartanburghistorytour.com

thewrkrbees.com

baoslot-adm.com

bizchatgpt777.com

testdomenkinogid-new-1.buzz

Targets

- Target
  
  SKM_TR0020102023 pdf.exe
- Size
  
  545KB
- MD5
  
  c03304f61e279fd0608c9f45e978ba9a
- SHA1
  
  0e25baf5f637cb53d811c28d0f110d1ed6e692f1
- SHA256
  
  08bd19ee270606f776e998984c478e35eb93b7a8eade7c4d945d2869ece51ed9
- SHA512
  
  c9ce7463c91ce23a70d27e2f8639d2343652234a430108d8360ff1c0190aa8b044e8d0f21f9c75bf025d13473943bc0f88e6647ae79711c5a7da61d8c4559af8
- SSDEEP
  
  12288:38oUQsNpeR1lxn2BnlaJQyMpUEviTNcIkHd:s/QIpeR/pscJEviJI
Score

10^/10

formbook g11y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2