formbook

General

Target

e0ea43818cf17d804ee897584efdd06f
Size

829KB
Sample

240327-ggx39aea25
MD5

e0ea43818cf17d804ee897584efdd06f
SHA1

fe729ee34f962c5ce0cf611e97fc4da98bb794a1
SHA256

32bbf2e5e3a25176126e173d9f5cda01040c9f82fd426c1463fdaeb7ade8adf5
SHA512

874f306169e786edf0ac6112be70e98be6a7261a8ee70b56421f771488f0525f930853ec768a8b06739810b2659d90024bce359e6ec893eeeab9fea59355f7e4
SSDEEP

24576:AITjS/d3G34AxzXOgYsw3ixZWphUMqAtDLuNc2LDLFdE:VzIy+5seRUM7tr2LDL4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bkbk

Decoy

myzshouse.com

elimabd.com

iandiphoto.com

k9yhf.com

lalaandthelight.com

spearteam6.com

tdv29mayiskoleji.net

senthamizholi.com

toprooferelpaso.com

homegraphicdesign.com

formas-de-ganar-dinero.online

psgvsfreelive.com

xclusivedispatch.com

qdhizwlti.icu

hananomi24.com

seikobaby.com

cursosinemlinea.com

vintage-transport.com

billings-identify.com

simplepartyplanning.com

Targets

- Target
  
  e0ea43818cf17d804ee897584efdd06f
- Size
  
  829KB
- MD5
  
  e0ea43818cf17d804ee897584efdd06f
- SHA1
  
  fe729ee34f962c5ce0cf611e97fc4da98bb794a1
- SHA256
  
  32bbf2e5e3a25176126e173d9f5cda01040c9f82fd426c1463fdaeb7ade8adf5
- SHA512
  
  874f306169e786edf0ac6112be70e98be6a7261a8ee70b56421f771488f0525f930853ec768a8b06739810b2659d90024bce359e6ec893eeeab9fea59355f7e4
- SSDEEP
  
  24576:AITjS/d3G34AxzXOgYsw3ixZWphUMqAtDLuNc2LDLFdE:VzIy+5seRUM7tr2LDL4
Score

10^/10

formbook bkbk rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2