formbook

General

Target

36ecd804ef4c0b94220360ba6eb45ade.exe
Size

1.0MB
Sample

240110-x6a8saegbj
MD5

36ecd804ef4c0b94220360ba6eb45ade
SHA1

0977415c3c19cb3fbfbc102c70daed1c0b86b6e6
SHA256

0ff1d940f65bfe261582d34f77a192307eaec6087ce7542e424eb50d8ec7a83a
SHA512

beac96a3762c9c2546122e4055747e983ac26b29efd686bcc59b32983b87b857be707ea4b845b561dde398eefd6632577e2bdeece13dec5ea4bcd8fb5af12a8b
SSDEEP

12288:1eZheFbLPZihYdQr9PVjMyjKkWPuOqA3plhdZJx5Z0lLbcvLq4QV:1nb98YdQVVjMyjs5qupl/78bI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rfqo

Decoy

gerrygapinski.com

mariashoots.com

fanaticlooks.com

mondilala.net

reviewrun.net

semessage.info

metodoiluminado-cupom.com

gdclzq.com

liteletherapy.com

bearcreekcattlebeef.com

dreampointer.com

rubygrocery.com

sevak369.com

alfacad.net

b2fb.com

creativebusinesspages.com

digitalej.com

uvgotthepower.com

caotaibanzi.com

yichuanli.com

Targets

- Target
  
  36ecd804ef4c0b94220360ba6eb45ade.exe
- Size
  
  1.0MB
- MD5
  
  36ecd804ef4c0b94220360ba6eb45ade
- SHA1
  
  0977415c3c19cb3fbfbc102c70daed1c0b86b6e6
- SHA256
  
  0ff1d940f65bfe261582d34f77a192307eaec6087ce7542e424eb50d8ec7a83a
- SHA512
  
  beac96a3762c9c2546122e4055747e983ac26b29efd686bcc59b32983b87b857be707ea4b845b561dde398eefd6632577e2bdeece13dec5ea4bcd8fb5af12a8b
- SSDEEP
  
  12288:1eZheFbLPZihYdQr9PVjMyjKkWPuOqA3plhdZJx5Z0lLbcvLq4QV:1nb98YdQVVjMyjs5qupl/78bI
Score

10^/10

formbook rfqo rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2