formbook

General

Target

General Specification -INVACO PVT.exe
Size

1.0MB
Sample

240321-ekrpjabd74
MD5

0ed3e74eedb79951944237b0a560fb11
SHA1

0e88c313525bcb312baf633aef56caf70fcee969
SHA256

41885886b8b5d925c8efc8ba5ccb8a3f40eb5b218cbd124fac0a81e467ce0d90
SHA512

609800df42d85306c75f44a9ead946e50feb45989028c40ef204be109a87656d77c722f4c73a62216c041b183cb8c900e0473c555bb3479326ea92d0173325b6
SSDEEP

24576:hAHnh+eWsN3skA4RV1Hom2KXMmHatcyzAaubWi5:4h+ZkldoPK8Yatcr1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Targets

- Target
  
  General Specification -INVACO PVT.exe
- Size
  
  1.0MB
- MD5
  
  0ed3e74eedb79951944237b0a560fb11
- SHA1
  
  0e88c313525bcb312baf633aef56caf70fcee969
- SHA256
  
  41885886b8b5d925c8efc8ba5ccb8a3f40eb5b218cbd124fac0a81e467ce0d90
- SHA512
  
  609800df42d85306c75f44a9ead946e50feb45989028c40ef204be109a87656d77c722f4c73a62216c041b183cb8c900e0473c555bb3479326ea92d0173325b6
- SSDEEP
  
  24576:hAHnh+eWsN3skA4RV1Hom2KXMmHatcyzAaubWi5:4h+ZkldoPK8Yatcr1
Score

10^/10

formbook kh11 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2