formbook

General

Target

9d9e7bb9c7faa619e5f7c2a88d220812495a078c8a9cdf465765300a9abae4be
Size

556KB
Sample

231124-grkkxahb2s
MD5

237a024aa8c393a4b0cde4be4da0a7aa
SHA1

1a7d8c67d7ef69b4a933acef66bd60bf5d489afa
SHA256

9d9e7bb9c7faa619e5f7c2a88d220812495a078c8a9cdf465765300a9abae4be
SHA512

5c180910a1a0fa8681593fbeafcfe9a6cb5a77d11fe8369a32a901525ed5233f5031d2be4ec5ea8f238fb1c56c2c168a34836270c9ea042c3a6e7c70d3ff3934
SSDEEP

12288:lEKR6s8QdXxB2RZMHpFKBpiBEDwO6y1awWdCnnldPhMpCx7pJU:lEKIpEoMHpSpiBJlSnldPhICxt2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cc73

Decoy

viptop77.biz

sell-home-fast-for-cash.xyz

wjbwebsite.top

ceramic.house

anthologymotors.com

acctwiseconsulting.com

xn--bj4blri6mqqan64b.com

roguester.com

blavkimped.com

mostbet-wih8.xyz

biellacapital.com

jasonmoorehead.online

wolrdtenis.com

huahuiblog.com

jonniprince.com

gohanyo.com

l4-j2.pro

coinyeard.com

fh8019.com

iltorlonia.com

Targets

- Target
  
  FLY.exe
- Size
  
  575KB
- MD5
  
  d400c125c91f0da96b71a1335d5c7e9e
- SHA1
  
  c5cadd640c60cc5ae5377fa8726c15f38808a131
- SHA256
  
  6aeb335b3a8c4506ba69d98007266a0210930cddabc6d3fe6b6c0a28e59ae7db
- SHA512
  
  8d77dc100e939fd72e3036307883584af47c35298e049fbc3c92cfb94c4a782180ff0a5c5148d72e4f2e39d6208c9237f65b1f6488e5bfa31cca5c30c0ffbf2f
- SSDEEP
  
  12288:nE+RIimQdL6iHOHpF2hJwy+atu6KVC94MVK4ENzZK:nE+evGOHpKavI4YEN
Score

10^/10

formbook cc73 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2