formbook

General

Target

494287b94d735d029f5882eb5a39577e43f0e0cac6cf44646a17c6bf1f690373
Size

578KB
Sample

240417-qfnb4aad3s
MD5

8bde4318671e26a4aa2d656a6763e88a
SHA1

83a27a55cb0c41e056b54669d96ee85c3975a0e2
SHA256

494287b94d735d029f5882eb5a39577e43f0e0cac6cf44646a17c6bf1f690373
SHA512

b75d4cdc8f292ecebff82ad4f0a7af51660cb2a53c7a9c93a45760c7e6fa794eb574f21122e8400342113bedf1c622bfd1c0a5c66b0a274a33a1d638637888a6
SSDEEP

12288:XYfAYyync2EKqw+j2DScXpLrxq2HmP+ns3xT/bM:XY5nsDw+jC3xxTmPiWxjI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ns03

Decoy

dipity.tech

agathis.fun

ekaterinai.store

elizabethsbookshelf.com

smilesustainably.com

tapeworm.xyz

beatricesswarthout.xyz

nsrpackersandpackers.in

yedxec.xyz

gildedbeautyaesthitics.com

hanibalbechar.com

fichaphuman.net

adilosk.shop

geezaran.com

ventasemail.com

phonecasesdirect.store

rctjuc.shop

sukimossmanagement.com

caller-id.today

kft07.vip

Targets

- Target
  
  12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4.exe
- Size
  
  610KB
- MD5
  
  0b90be647821fb3812e6c340c6587fae
- SHA1
  
  04ee5bf64f4fd6a512828a818c110697d19f18ab
- SHA256
  
  12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4
- SHA512
  
  d348ece6997947050c8b3c01df55f157767444892196c0bd001012c36c610b93696853f35080551e10bec6f4a15c1098cd1132acab84a697c4fed07deac34ab6
- SSDEEP
  
  12288:233bFUoSfRmhTIJgWGdm6HrC/QpCiriaEHCnLEovkR:23pqf8TIJge6HrCy6hHCLEd
Score

10^/10

formbook ns03 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2