formbook

General

Target

86bc4c7a3c0730570851d849ea9c1120
Size

671KB
Sample

240201-m6w55sdehq
MD5

86bc4c7a3c0730570851d849ea9c1120
SHA1

9e1a4c4036e42095a4b5943524e511b0e029befc
SHA256

ccb54b8d6c3b3e726fe52cf852f5bab045582b646245c645883b7a42bbc335ff
SHA512

740604ae3f16ab78082b2dbf34553d5e833c46683fef84c9f1c829d8415610dbfa9cf1b85237dd1b39e7fd54468c6d13eab2d0b5c1579752b5a8cf7d9286dd53
SSDEEP

12288:lFvGlEc/4c6YSydqIwimgDIOKPHGHsP9cRIsoV/csZWi2DXLspsVLrfo5:LedXjdqInmgKTmqBMDLsmLrg5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ucze

Decoy

motorcyclemagician.com

powerreport.xyz

ychfgdne.icu

presentschein.com

seabreathing.com

stlukeyouth.com

ifixconstruction.repair

thietbikhaithacdatuanphat.com

hexdeville.com

xn--planungsbro-stanko-u6b.net

elisebruneau.com

yxflwwbvz.icu

wafirainteriors.com

hexok.com

krewedubethkevin.com

lassilacgi.com

bestvolvowebsite.com

clarissajaneen.com

foreverchemicallawsuit.com

ebizkendra.com

Targets

- Target
  
  RCL2334LM08272021.exe
- Size
  
  866KB
- MD5
  
  f4a49c6484ffec10e29db1033d8b8803
- SHA1
  
  54abd68e8e7c5d9b7da6e29faabb9fe73d7de71f
- SHA256
  
  5cea35baef6d7c873750dac2241bda507c91ffd6287edf7e290d13774207a9c5
- SHA512
  
  921628d772944e5a0867db30551e1eed31013823115210a4b0a48b894d612fa9d46bbd93ac22b4b7def1162bca62654a75f4ba92dc8508d8f69278751775fc76
- SSDEEP
  
  12288:avyQdVYSE7nP1/7V3a/d8nv37qeDPbq4X0JBfvw:7Q/YSE7Nzad8nv35DWdv
Score

10^/10

formbook ucze rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2