formbook

General

Target

78e5df8594ba2ea6bf2b58ce0ed61080
Size

912KB
Sample

240127-bnzb1abfcr
MD5

78e5df8594ba2ea6bf2b58ce0ed61080
SHA1

2a5bea5ba7a417e7460bbaa45229a624146a4bd3
SHA256

587a93ff0d5c705179a999e8d78014902a57ba119f45eb3c7c133eac8fa3c5ec
SHA512

95fc76841831d7a0486efb7b2609684b5b6621da592e654b7c94f297e6c7448690f35f3b458f885739445bc4a48ff5d86e65ff9b82c8f59877827fe2c91fae61
SSDEEP

24576:a7xtqZS/d33AE5+5+ziMUDbgkHmXeQZ2gqj:QxtqgL53itDbgkHZQZ2gqj

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bcak

Decoy

shizixiudian.com

thetimemerchants.com

rafflere.com

amosiagongbang.com

pikantepikariko.com

nationaltodaytv.com

anjielo.net

atlerz.com

cloudteamthree.com

cafelegume.com

gvniypqiy.icu

xn--schuldenzsurgesetz-ttb.info

jlxrcm.com

flowcraftnetworks.com

viberiokno-online.com

guisese66.com

farmaciaavicena.com

sealedgamescompany.com

eastonwestinc.com

szwmsz.com

Targets

- Target
  
  78e5df8594ba2ea6bf2b58ce0ed61080
- Size
  
  912KB
- MD5
  
  78e5df8594ba2ea6bf2b58ce0ed61080
- SHA1
  
  2a5bea5ba7a417e7460bbaa45229a624146a4bd3
- SHA256
  
  587a93ff0d5c705179a999e8d78014902a57ba119f45eb3c7c133eac8fa3c5ec
- SHA512
  
  95fc76841831d7a0486efb7b2609684b5b6621da592e654b7c94f297e6c7448690f35f3b458f885739445bc4a48ff5d86e65ff9b82c8f59877827fe2c91fae61
- SSDEEP
  
  24576:a7xtqZS/d33AE5+5+ziMUDbgkHmXeQZ2gqj:QxtqgL53itDbgkHZQZ2gqj
Score

10^/10

formbook bcak rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2