formbook

General

Target

3170c18d47f7d8a188da758ac8018098
Size

659KB
Sample

231231-lrvs4aechk
MD5

3170c18d47f7d8a188da758ac8018098
SHA1

a8ad10f72dc61e3e1bdf88788725b7f941f03669
SHA256

7b72553cb79055a53309a3a8b771f7690cefe48dc0cad46d52a53cfb322e203a
SHA512

018d0a460036ae43ad17ea95fe41a30f24bee1258e8d70e8464f903b18f865f4e6de10bdb6f0d5bb2cdee4434a065923e6939df97144cac9f84a9292f5742a52
SSDEEP

12288:XTQku+UELEHi799mSNI0/X6J73ZiyYm5JGSA4AmlSoTADRNQmc6DjCDmomKZ1MpF:XTK+U52mzM6Z0mHGS5l0QR6Dj77uqH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jdge

Decoy

cungcaptapvu.com

lantianren.net

mydivorcepsychologist.com

bageurapparel.com

citydealmaker.com

historyegress.com

litekkutu.xyz

perksofkerala.com

flairmax.com

washingmachineservicerepair.xyz

organicbeauty.club

rehmazbeauty.com

goodgly.com

imtheonlyperson.systems

shbanjia199.com

mwfbd.com

halsonpipe.com

0927487.com

perfectpeachco.com

danielprok.com

Targets

- Target
  
  letter ref MAKRA-303GN-017921 Dated 19th August 2021.pdf.exe
- Size
  
  885KB
- MD5
  
  c489912068a72c74eb218562beeaaf8a
- SHA1
  
  6348afcd2c4645d983f6982bc3271646a3049fd5
- SHA256
  
  78ddeffb28de453b1235da58833f3e8532635bf556fb2ef23e25aa58b15506b0
- SHA512
  
  3d0ad7e47472b69026658d64017cc8aa30843c5757b521bb6edc7fdf8ec9a3bff889233ab38c8b3e58308beea2c150498ff78edef01b93107b3843881618b4b3
- SSDEEP
  
  12288:E3hYkBcPwb/nRlnGWsDzvFXQKoXVtnL+BpD2ePG72HrV7:hK/RlnE58fnKrvPG7gr
Score

10^/10

formbook jdge rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2