formbook

General

Target

a3ab9dcf6e3ba0e1f026fcf4b18065a0
Size

959KB
Sample

240225-nmjw5sbd4x
MD5

a3ab9dcf6e3ba0e1f026fcf4b18065a0
SHA1

9dee0e59021d3092cdf34b9cdbebc582c304b33a
SHA256

ecacac4e9f514e780ff7124b6fdd97251dcec9947d5815166b2b57d2a41ddf0e
SHA512

6e83a376bc56ac33fff46cd6809d69867bc52191f56f6a5a1aa616d86c3614056dab84de0cc92e9c635652ba309f462456ffe97fea1687bcb152a28f067c9579
SSDEEP

12288:2MZDc9F3nC0Py3gAhLEJbjJEKD0vO43bP9cvprU6I4F+d7PkP+Mj7m08Om5ME1Kc:I02y9chrNI4IdPuja04SEr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gz92

Decoy

ayurvedichealthformulas.com

plazaconstrutora.com

nat-hetong.info

eapdigital.com

ibluebaytvwdshop.com

committable.com

escapesbyek.com

mywebdesigner.pro

jianianhong.com

benvenutoqui.com

beiyet.com

theartofgifs.com

mbwvyksnk.icu

nshahwelfare.com

hhhservice.com

thechaibali.com

travelscreen.expert

best123-movies.com

leiahin.com

runplay11.com

Targets

- Target
  
  a3ab9dcf6e3ba0e1f026fcf4b18065a0
- Size
  
  959KB
- MD5
  
  a3ab9dcf6e3ba0e1f026fcf4b18065a0
- SHA1
  
  9dee0e59021d3092cdf34b9cdbebc582c304b33a
- SHA256
  
  ecacac4e9f514e780ff7124b6fdd97251dcec9947d5815166b2b57d2a41ddf0e
- SHA512
  
  6e83a376bc56ac33fff46cd6809d69867bc52191f56f6a5a1aa616d86c3614056dab84de0cc92e9c635652ba309f462456ffe97fea1687bcb152a28f067c9579
- SSDEEP
  
  12288:2MZDc9F3nC0Py3gAhLEJbjJEKD0vO43bP9cvprU6I4F+d7PkP+Mj7m08Om5ME1Kc:I02y9chrNI4IdPuja04SEr
Score

10^/10

formbook gz92 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2