formbook

General

Target

d659960132af324d2dbdaef622bb05a9
Size

1016KB
Sample

240319-rtwfaseh6w
MD5

d659960132af324d2dbdaef622bb05a9
SHA1

27b9debff9fef20bb9ac3a2c6efff6d66b023bab
SHA256

0aa68b819455d1810d114c502d6a221d0da9320d506c31b9e83b7a488f46a954
SHA512

15422a7ada1dcdaab11c71e0fee15d31b783b7ae461a69444bddfd8938106cdda62758e16ec57db1dc1ccf61e49527739dacdae4cf8bb8e204b1fe6e43353c2d
SSDEEP

12288:DNZi9708VGxIjEfh3hIA3ULh00E9MbzcYpwzyOlXyg+knoJKu:DNZNh3hh3T9MbzTqzRBygOJKu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mxwf

Decoy

orders-cialis.info

auctionorbuy.com

meanmugsamore.com

yachtcrewmark.com

sacredkashilifestudio.net

themintyard.com

bragafoods.com

sierp.com

hausofdeme.com

anthonyjames915.com

bajardepesoencasa.com

marciaroyal.com

earringlifter.com

dsdjfhd9ddksa1as.info

bmzproekt.com

employmentbc.com

ptsdtreatment.space

vrchance.com

cnrongding.com

welovelit.com

Targets

- Target
  
  d659960132af324d2dbdaef622bb05a9
- Size
  
  1016KB
- MD5
  
  d659960132af324d2dbdaef622bb05a9
- SHA1
  
  27b9debff9fef20bb9ac3a2c6efff6d66b023bab
- SHA256
  
  0aa68b819455d1810d114c502d6a221d0da9320d506c31b9e83b7a488f46a954
- SHA512
  
  15422a7ada1dcdaab11c71e0fee15d31b783b7ae461a69444bddfd8938106cdda62758e16ec57db1dc1ccf61e49527739dacdae4cf8bb8e204b1fe6e43353c2d
- SSDEEP
  
  12288:DNZi9708VGxIjEfh3hIA3ULh00E9MbzcYpwzyOlXyg+knoJKu:DNZNh3hh3T9MbzTqzRBygOJKu
Score

10^/10

formbook mxwf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2