formbook

General

Target

2d450cf09b7158d5036e1e8572f9b0327d70670f0238ff963cad00aeb9020625.exe
Size

690KB
Sample

240229-f1847aeh92
MD5

3da716e7be62ce9f345c37c84fff8ed9
SHA1

aa92605e8ffa40546407975c7f50f3abe7e3fa67
SHA256

2d450cf09b7158d5036e1e8572f9b0327d70670f0238ff963cad00aeb9020625
SHA512

4dfbe7ef693202ae81d8092259493c4c6374f0c55e6dd4a6fa10b52297f0287f2d75d96930cddb0f786c1b31e29c24e6601cb08942fb80c60ded5f7a87a60230
SSDEEP

12288:izNwnqs3y44sAGcprVjQSwMQTKilCj5If71Fs0576ivpVA5wN8wWEACrIYgI:HnPAGcpx5wMKPwC1Fsc76iv7BiC1gI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  2d450cf09b7158d5036e1e8572f9b0327d70670f0238ff963cad00aeb9020625.exe
- Size
  
  690KB
- MD5
  
  3da716e7be62ce9f345c37c84fff8ed9
- SHA1
  
  aa92605e8ffa40546407975c7f50f3abe7e3fa67
- SHA256
  
  2d450cf09b7158d5036e1e8572f9b0327d70670f0238ff963cad00aeb9020625
- SHA512
  
  4dfbe7ef693202ae81d8092259493c4c6374f0c55e6dd4a6fa10b52297f0287f2d75d96930cddb0f786c1b31e29c24e6601cb08942fb80c60ded5f7a87a60230
- SSDEEP
  
  12288:izNwnqs3y44sAGcprVjQSwMQTKilCj5If71Fs0576ivpVA5wN8wWEACrIYgI:HnPAGcpx5wMKPwC1Fsc76iv7BiC1gI
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2