formbook

General

Target

e071783b4f072df4982a4e676b5b4c08
Size

289KB
Sample

240327-btsreaha63
MD5

e071783b4f072df4982a4e676b5b4c08
SHA1

1d292815771503df127a8e5ebd00dd447d8dfe6b
SHA256

ba02722034f9381898b65e8f64ab7ec2e77cdeaa3bc7a3351b1241161611cb73
SHA512

bff3837bdad2b02bd7aac437d12060c008a25a9c1711f21ac17d7498422dd979daeaed37ea3628e5c4546d37cef190fe0f8b335a15cd21a142ad6649c0e9f1c1
SSDEEP

6144:DikYf1udmGRTYQULtxgt1fOeSSNLknEBgNqrmwIWHOaC3ujgdX+5E:mkYdBG9MLTg3OeSmLkEBgNqiwIyYVO5E

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt0h

Decoy

originalindigofurniture.co.uk

fl6588.com

acecademy.com

yaerofinerindalnalising.com

mendilovic.online

rishenght.com

famlees.com

myhomeofficemarket.com

bouquetarabia.com

chrisbani.com

freebandslegally.com

hernandezinsurancegroup.net

slicedandfresh.com

apnathikanas.com

chadhatesyou.com

ansilsas.com

in3development.com

nitiren.net

peespn.com

valengz.com

Targets

- Target
  
  b123.exe
- Size
  
  227KB
- MD5
  
  b3104364708fa64e5242cbe54885ec56
- SHA1
  
  4be2064313b2f72e472b8a81797e7b14a5b3aec8
- SHA256
  
  f4abecbd1a56abc36103d0595086bfd31c50f33236b9431b53860e5c1e20c2a7
- SHA512
  
  2aa6da2a189de20c9ce5d919fc6fe8e5f050151721cf496fa93f8862dcb6775d1b5f90b5666fb01659265721b81ed788e4b938961d8166d0c09245f75f8d2591
- SSDEEP
  
  6144:2wVqCOiGWu2dw9r6bDo78j+JEwh3pc8aMxfcPbwoP:2KyWhw9x8spc7MiPbwoP
Score

10^/10

formbook lt0h rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2