formbook

General

Target

485ed47a38457e0c139e213688ee90ff
Size

1.1MB
Sample

240107-h7528agfar
MD5

485ed47a38457e0c139e213688ee90ff
SHA1

531ef2ffca63a24fc727c8271cf0a5c17c1d0909
SHA256

111a49310971b944f9b7d2c10b0f317658ea5778caa876c818679427f503f13a
SHA512

1641cb48c5edc10ea29c9f8f5598a434ea5418da6799ea66b15b5d1113be72b31d3d040eeaa87c79c3f01f8c0093aa400a91d5d43b105d1edf5ba4e3f6d5492c
SSDEEP

24576:OkYIwWHRU9/d31zOUK61VM9rbJTrNYJir9:OucOUK6XSFTrNYJQ9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn89

Decoy

mynorthernfcu.com

leafolux.com

joycasino-official-game2.win

shopfourfourteen.com

gzjyby.com

rapidwastedisposal.com

homme-alpha.com

essentialpowerwithin.com

emeralddrumcompany.com

dyspay.com

makedollarsonline.info

fredautosport.net

amzrelay.com

qtqqwdnbu.icu

lookingupproperties.com

twojemiasto.info

zrlin.online

mykabirmusic.com

mukulikamakeupartistry.com

mouridi.com

Targets

- Target
  
  485ed47a38457e0c139e213688ee90ff
- Size
  
  1.1MB
- MD5
  
  485ed47a38457e0c139e213688ee90ff
- SHA1
  
  531ef2ffca63a24fc727c8271cf0a5c17c1d0909
- SHA256
  
  111a49310971b944f9b7d2c10b0f317658ea5778caa876c818679427f503f13a
- SHA512
  
  1641cb48c5edc10ea29c9f8f5598a434ea5418da6799ea66b15b5d1113be72b31d3d040eeaa87c79c3f01f8c0093aa400a91d5d43b105d1edf5ba4e3f6d5492c
- SSDEEP
  
  24576:OkYIwWHRU9/d31zOUK61VM9rbJTrNYJir9:OucOUK6XSFTrNYJQ9
Score

10^/10

formbook bn89 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2