formbook

General

Target

12fb27d7a59c168a82317baa0b127b8a826cc98dd108fc37fd022d8a842b06bc.zip
Size

547KB
Sample

240402-l3gevadg9x
MD5

df2979aac31ab83ca4f60e3ae4a0c106
SHA1

87cc64d7c8d0d7b56c375f9c8557e43379d44826
SHA256

85166cdc896a4a4418bd495768cd96d1d39fcbcff93539134b52f9165263ab61
SHA512

385485b23d6813f323443f92d7f38017f45e5487cdd61d834ad51eb119e3f56b90e44b09b5f5ab97acce19cfac5c6da5c3f1cfbb92760bed3211658f92fb6345
SSDEEP

12288:85BE+vZIGFFeibj5pfDp33YYtoOI46cK2babvwQ74EUb9E/n+aAxP:4qHYH5pfDpdo/5EbabvwQUE3n+aYP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr01

Decoy

eclipsefoodservice.com

oregonjobs.co

ethicai.pro

frontierconnects.co

elcaporalburley.com

exoticskinco.com

topdeals.biz

carmensbookstore.com

mayorii.com

viewhird.com

bharatcrimecontrol24news.com

sampleshubusa.com

molobeverello.com

nicholsonflooringservices.com

kidscircle.shop

771010.cc

poseidoncrm.com

liviafiorelli.com

flavorfog.online

xaqh.info

Targets

- Target
  
  12fb27d7a59c168a82317baa0b127b8a826cc98dd108fc37fd022d8a842b06bc.exe
- Size
  
  566KB
- MD5
  
  7df9e584bf64bcf76701b0177b673e48
- SHA1
  
  07199478434332e2b57650e506d9933f89ee18ae
- SHA256
  
  12fb27d7a59c168a82317baa0b127b8a826cc98dd108fc37fd022d8a842b06bc
- SHA512
  
  93c251fd6a6c556bf1b2b3fd5b649f305f5890af725191e0398834357d2a821ff2042de06177c2d9c2b0bf5e816d8928841e4fefa0ef1aed76814d45cd23ebca
- SSDEEP
  
  12288:/4gZMDGR1CtxLLOt26jGz3mBNWaoCfWwHDasYbinls94Wqs9MWXa5WSkR:VMDGALgRGz2LpW+DvlsWps9d9h
Score

10^/10

formbook vr01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2