formbook

General

Target

05a5c81fdc977faa60cdd7914e543316
Size

660KB
Sample

231229-2e5ersebgj
MD5

05a5c81fdc977faa60cdd7914e543316
SHA1

a6dab7def82d613ac9657f97feae55c1c87d8c8e
SHA256

cba13febcc8a22b7d10f84d29e4b9c596796f4fb158c4ad9318deb5c822af13e
SHA512

6d1e4de25d1f4c86fc394f06cdb9b5773a3f8bfbf32c532e647833a5e5808df701c717ab2cd2e14123966f52ed097abac45f8e36975bde4449d79a33fc4d79b8
SSDEEP

12288:1Dp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXddM+5vRmZQc:edX5p/qA6BBVTu6Np8z1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dsnr

Decoy

nilbahis9.com

sport-streamhd.com

lewislegacyinvestments.com

tradingimpulse.com

robincharity.com

20200856meanathing.space

xzklzl.com

raenina.com

ohmygreet.com

xw-bj.com

redevelopment38subhashnagar.com

whadsrm.icu

asiandiasporas.com

legaleum.com

rebelmum.com

kulovic.com

odfjelloceanwind.com

heritageassisted.care

dexterragroup.net

twelvefortyfive.com

Targets

- Target
  
  05a5c81fdc977faa60cdd7914e543316
- Size
  
  660KB
- MD5
  
  05a5c81fdc977faa60cdd7914e543316
- SHA1
  
  a6dab7def82d613ac9657f97feae55c1c87d8c8e
- SHA256
  
  cba13febcc8a22b7d10f84d29e4b9c596796f4fb158c4ad9318deb5c822af13e
- SHA512
  
  6d1e4de25d1f4c86fc394f06cdb9b5773a3f8bfbf32c532e647833a5e5808df701c717ab2cd2e14123966f52ed097abac45f8e36975bde4449d79a33fc4d79b8
- SSDEEP
  
  12288:1Dp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXddM+5vRmZQc:edX5p/qA6BBVTu6Np8z1
Score

10^/10

formbook dsnr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2