formbook

General

Target

da9ade09c6fca5d1045aca4be2dfc009
Size

1.2MB
Sample

240321-eaay2abb58
MD5

da9ade09c6fca5d1045aca4be2dfc009
SHA1

d152ddd28c1c540a21c7340d6905480629a7f923
SHA256

992ce35b6f38f1d8fddc91a5c7274410862f0963b24acf20710988eb770a8afc
SHA512

56b805d98738627b5347eced4dccaac7bf5976474bc41b119e12c3d5ae992ee5dcf877057c2f63e37518cb2b090803620fee1eb7c5e4b353c5d128a602829e0c
SSDEEP

24576:UAOsBgo0q4wM9BmCmTOUd+L6kmXWIdpL0FzZI/ZbRiORU9p:UhoHM7mCm6Ud+zmXlAO/Z1iew

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kgdh

Decoy

socialsecuty.com

rossiniconstruction.com

baliisterstore.com

walnuthotsouce.com

herculesmile.com

datum-maps.tech

yourhandhistory.com

reevolvehardware.com

condosandresorts.com

boissonsenergetiques.com

everybodymatters.club

titoly.com

knfsupplies.com

azitajovaini.com

orfilashop.com

aliceramsay.com

tipsyfetes.com

besttrip.store

ukrainianlandtoken.com

jdscornerbar.com

Targets

- Target
  
  da9ade09c6fca5d1045aca4be2dfc009
- Size
  
  1.2MB
- MD5
  
  da9ade09c6fca5d1045aca4be2dfc009
- SHA1
  
  d152ddd28c1c540a21c7340d6905480629a7f923
- SHA256
  
  992ce35b6f38f1d8fddc91a5c7274410862f0963b24acf20710988eb770a8afc
- SHA512
  
  56b805d98738627b5347eced4dccaac7bf5976474bc41b119e12c3d5ae992ee5dcf877057c2f63e37518cb2b090803620fee1eb7c5e4b353c5d128a602829e0c
- SSDEEP
  
  24576:UAOsBgo0q4wM9BmCmTOUd+L6kmXWIdpL0FzZI/ZbRiORU9p:UhoHM7mCm6Ud+zmXlAO/Z1iew
Score

10^/10

formbook kgdh rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2