formbook

General

Target

aa305fd0870aa227c16bd1060964d2b8.exe
Size

902KB
Sample

240110-vhyytscde2
MD5

aa305fd0870aa227c16bd1060964d2b8
SHA1

a29ba6abc7eb4752929a1c213ffc89770ff878e0
SHA256

10b71b9870e8b389acdf0874c2d49d392a9d9d227fd37e9f12c290b217f95fc0
SHA512

aaebd755fddaccdd29cb975db21e50e233deb7f367d99a7a0a8850231c15c609cec378975ae498d0682598321b5687af9422e3704e0cb8f57407c1119a2401e1
SSDEEP

24576:EvpoS6P2zy0wefqdraQmzuV1ItWzSLN7+qgfAC:ERGOzffzRur8WmZ7+qgfL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sg36

Decoy

cookfranschhoek.com

rajaslot138.today

eightfigureroundtable.com

sdklwdz.com

novaturienthealth.com

sk87k.xyz

defoutenmakers.online

eadsanuncios.com

drewkav.com

car-insurance-94416.bond

m3nm.site

6vab.site

towing-barnesville.top

authentifizierung-beginnen.com

thejmfc.com

beggiapizza.site

gttsfibermill.com

cdugood.com

dominiongeneralcontractors.com

deprepagos.com

Targets

- Target
  
  aa305fd0870aa227c16bd1060964d2b8.exe
- Size
  
  902KB
- MD5
  
  aa305fd0870aa227c16bd1060964d2b8
- SHA1
  
  a29ba6abc7eb4752929a1c213ffc89770ff878e0
- SHA256
  
  10b71b9870e8b389acdf0874c2d49d392a9d9d227fd37e9f12c290b217f95fc0
- SHA512
  
  aaebd755fddaccdd29cb975db21e50e233deb7f367d99a7a0a8850231c15c609cec378975ae498d0682598321b5687af9422e3704e0cb8f57407c1119a2401e1
- SSDEEP
  
  24576:EvpoS6P2zy0wefqdraQmzuV1ItWzSLN7+qgfAC:ERGOzffzRur8WmZ7+qgfL
Score

10^/10

formbook sg36 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2