formbook

General

Target

8fa85ce4b25441a6e45dd6c74cb79670
Size

749KB
Sample

231222-p3lw4sbchn
MD5

8fa85ce4b25441a6e45dd6c74cb79670
SHA1

1b5ce8ebb1074d89dead6ed83e7c8d6d77a8971f
SHA256

6a778cbfb34a637265c39ae5a0a321010998d93fb7183b4e8766a4a2390bf72f
SHA512

31c726a677f25ef0dbb688d0b778d527661fda5208da8bd3cb11fc971536b8b2e18ccdeea4008956515a6fd6c1f6d1999884a754e51fc696b5540dbf1c2ec5be
SSDEEP

12288:lgO3+VUPObK1Cnf2VtYLrlz1+e+AWQDXNXvjR/zk8iWNEQiEKwB:tHwlLWkXNBk8iWNAi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  8fa85ce4b25441a6e45dd6c74cb79670
- Size
  
  749KB
- MD5
  
  8fa85ce4b25441a6e45dd6c74cb79670
- SHA1
  
  1b5ce8ebb1074d89dead6ed83e7c8d6d77a8971f
- SHA256
  
  6a778cbfb34a637265c39ae5a0a321010998d93fb7183b4e8766a4a2390bf72f
- SHA512
  
  31c726a677f25ef0dbb688d0b778d527661fda5208da8bd3cb11fc971536b8b2e18ccdeea4008956515a6fd6c1f6d1999884a754e51fc696b5540dbf1c2ec5be
- SSDEEP
  
  12288:lgO3+VUPObK1Cnf2VtYLrlz1+e+AWQDXNXvjR/zk8iWNEQiEKwB:tHwlLWkXNBk8iWNAi
Score

10^/10

formbook ergs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2