formbook

General

Target

8a23748bd6538bc7f349639d7b100260
Size

820KB
Sample

240202-wap7dsdggq
MD5

8a23748bd6538bc7f349639d7b100260
SHA1

892aef662cff782d478615ab5e3631c0e9ad5d13
SHA256

8ca372bae777f7250c22113f1312b38955555f48c0b1ed2aaf0c9326abe06001
SHA512

059e16d0fa1aad6c87699b5a41041ec969c9d1832708a4186faff724921527c1d97d9c19f6f1ce43ca99f3352933d68102846e71920a2292c166d1f9de36df57
SSDEEP

12288:254GgfHiwrENcmH/nOLQ9+SboQY3Sa1Zen1hbzM/2iN:25jsHXrENcIOL6HU91ZOk/1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wz6a

Decoy

commonebisu.com

onlinedatingforyou.com

nomoreink.com

directcare.doctor

protego1.com

buvettechamonix.com

dissertationshelp.net

theawakenedmother.life

leonwickham.com

renaultstoreiran.com

lsxwsj.com

uniontattoosupply.com

herfitnessandbeauty.com

jesselynleephotography.com

imaginebyccp.com

athomeproductive.com

laratome.com

smoothsailingexpress.com

freedrumlessons4u.com

easylivego.com

Targets

- Target
  
  8a23748bd6538bc7f349639d7b100260
- Size
  
  820KB
- MD5
  
  8a23748bd6538bc7f349639d7b100260
- SHA1
  
  892aef662cff782d478615ab5e3631c0e9ad5d13
- SHA256
  
  8ca372bae777f7250c22113f1312b38955555f48c0b1ed2aaf0c9326abe06001
- SHA512
  
  059e16d0fa1aad6c87699b5a41041ec969c9d1832708a4186faff724921527c1d97d9c19f6f1ce43ca99f3352933d68102846e71920a2292c166d1f9de36df57
- SSDEEP
  
  12288:254GgfHiwrENcmH/nOLQ9+SboQY3Sa1Zen1hbzM/2iN:25jsHXrENcIOL6HU91ZOk/1
Score

10^/10

formbook wz6a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2