formbook

General

Target

03be8348a96b6dfd7f9e2e9cf774158a
Size

1.3MB
Sample

231229-zqcg1sghdj
MD5

03be8348a96b6dfd7f9e2e9cf774158a
SHA1

36001e5d587b70f594a38c0d45bb9e17d210f697
SHA256

5aac852c4f4d5626dae1b8412fc965cc50e349389cadfd512b0f641dbef21b93
SHA512

b11fcf14a4e9b31397156c509afcb9f28c307a6de89e640c574d5848c14e2e46de7fd7c516e558e991b2ded125f4e80171a49e359d7ddfe5bcbffe00319582db
SSDEEP

24576:4fOsBgo0q4wMXBmCmTOUd+L6k1XWaIboHqPU7JFFaBczogDdK:4WoHMRmCm6Ud+z1X3YoHqs7JFQcLd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u6ep

Decoy

kristinaandmatt2021.com

ankergreen.com

portaldoinvocador.com

artisticdancecompanyct.com

clarkson-craik-wedding.com

ourparentsaspartners.net

insuranceservicesfl.com

erxia29.com

thelogicsticks.com

silversteel-ye.com

risingstrenghtscounseling.com

psm-gen.com

katsworlds.com

manayi-matnayen.com

itsgrind30.com

punebites.com

dwkjkvsa.icu

gallucciowineries.com

rogerzhou.com

teamwork256.com

Targets

- Target
  
  03be8348a96b6dfd7f9e2e9cf774158a
- Size
  
  1.3MB
- MD5
  
  03be8348a96b6dfd7f9e2e9cf774158a
- SHA1
  
  36001e5d587b70f594a38c0d45bb9e17d210f697
- SHA256
  
  5aac852c4f4d5626dae1b8412fc965cc50e349389cadfd512b0f641dbef21b93
- SHA512
  
  b11fcf14a4e9b31397156c509afcb9f28c307a6de89e640c574d5848c14e2e46de7fd7c516e558e991b2ded125f4e80171a49e359d7ddfe5bcbffe00319582db
- SSDEEP
  
  24576:4fOsBgo0q4wMXBmCmTOUd+L6k1XWaIboHqPU7JFFaBczogDdK:4WoHMRmCm6Ud+z1X3YoHqs7JFQcLd
Score

10^/10

formbook u6ep rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2