formbook

General

Target

e853e750421f951ae0a6bd231e0bd5b0.exe
Size

1.0MB
Sample

240109-ws1e3sfaej
MD5

e853e750421f951ae0a6bd231e0bd5b0
SHA1

0f7eb114f22705449e4069484aeb77e4fa88387f
SHA256

ee7d4eabf89c595d1adfc55c618777216b987729e02381381c82ca50a890c3a2
SHA512

53d0ecd97c862a6c920ee0113ed64f11121d611593da12caca53e933328e55b8c8315173410fa024989688124143bb75c55bfba15b0c68118e1773e677613028
SSDEEP

12288:EvbSopg3ip6aBOjNP5/d3XSAHoRoDoyoNo0K2znyuSzr2VsJursi/UYPydyAJa:IdYA6ac15/d3n64Jac2ezPti/UYPE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pm7s

Decoy

angrypeacocks.site

theindependentartlable.com

coachingforthewin.com

localbizsc.com

drive-a-supercar.com

mewsette.com

scinuh.com

gurugramaffordablehomes.com

riamedefarm.com

richfitzfashions.com

u9j1o.info

dife-rent.com

talesfromthequadrat.com

dandfmotors.com

springtexasdentist.com

gobakala.store

earlyeducationglobal.com

sdrxsb.site

dreamlifebiz.com

theurbancaveshop.com

Targets

- Target
  
  e853e750421f951ae0a6bd231e0bd5b0.exe
- Size
  
  1.0MB
- MD5
  
  e853e750421f951ae0a6bd231e0bd5b0
- SHA1
  
  0f7eb114f22705449e4069484aeb77e4fa88387f
- SHA256
  
  ee7d4eabf89c595d1adfc55c618777216b987729e02381381c82ca50a890c3a2
- SHA512
  
  53d0ecd97c862a6c920ee0113ed64f11121d611593da12caca53e933328e55b8c8315173410fa024989688124143bb75c55bfba15b0c68118e1773e677613028
- SSDEEP
  
  12288:EvbSopg3ip6aBOjNP5/d3XSAHoRoDoyoNo0K2znyuSzr2VsJursi/UYPydyAJa:IdYA6ac15/d3n64Jac2ezPti/UYPE
Score

10^/10

formbook pm7s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2