formbook

General

Target

Purchase Order#44231.exe
Size

701KB
Sample

240408-mesnmsab6w
MD5

b8185fd04dbe1c2ef2ec8fbabbb18632
SHA1

acf9748a3056ae157741c7431408b72e32d98c35
SHA256

45369218b88d34e6bc3164318250c39c39dbde9b2a40b5c0d8dde6a3abf819ab
SHA512

a4f4480d21bd27598397195b62033eb311928c32992b75aef214e3810a9ebdd310c9267cdd62145bf837e9c1dadf2e94b927c54f72fb64d0d21123c697507139
SSDEEP

12288:CB1oVeonVJVwPOm13aoanwlDfokYYHzDhlVM8G25LRAFtx8oZ886Tgpm6vv9QkR:go5nWra4lDfoklBlVMKRAnHITgQ6vvF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr01

Decoy

eclipsefoodservice.com

oregonjobs.co

ethicai.pro

frontierconnects.co

elcaporalburley.com

exoticskinco.com

topdeals.biz

carmensbookstore.com

mayorii.com

viewhird.com

bharatcrimecontrol24news.com

sampleshubusa.com

molobeverello.com

nicholsonflooringservices.com

kidscircle.shop

771010.cc

poseidoncrm.com

liviafiorelli.com

flavorfog.online

xaqh.info

Targets

- Target
  
  Purchase Order#44231.exe
- Size
  
  701KB
- MD5
  
  b8185fd04dbe1c2ef2ec8fbabbb18632
- SHA1
  
  acf9748a3056ae157741c7431408b72e32d98c35
- SHA256
  
  45369218b88d34e6bc3164318250c39c39dbde9b2a40b5c0d8dde6a3abf819ab
- SHA512
  
  a4f4480d21bd27598397195b62033eb311928c32992b75aef214e3810a9ebdd310c9267cdd62145bf837e9c1dadf2e94b927c54f72fb64d0d21123c697507139
- SSDEEP
  
  12288:CB1oVeonVJVwPOm13aoanwlDfokYYHzDhlVM8G25LRAFtx8oZ886Tgpm6vv9QkR:go5nWra4lDfoklBlVMKRAnHITgQ6vvF
Score

10^/10

formbook vr01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2