formbook

General

Target

00c6e33b33295083d1bfa2cf07055d6e3d451c5ed695390cf736b74d162a6224
Size

578KB
Sample

240417-qkfstaaf3y
MD5

f8f6c99b6f9c7a3ba9f320e1daecea33
SHA1

e350024e6b11a88c4b8acf9b00178fe1df838298
SHA256

00c6e33b33295083d1bfa2cf07055d6e3d451c5ed695390cf736b74d162a6224
SHA512

49c4c912ddc111cfc5ae07c12ee040d735609bc2a215065ae35698ced5a17c7868c7f833970ee0de2667bd820aa0fa028ed8e1b0799b69ab5981cdbbb2cdd9f2
SSDEEP

12288:mza5RtHQAqI3WLi1V3ps8B5mytiJ45Ytl2gFLJMfbcputmiKX:mD873kfC5Ytl2eJMfbjKX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ns03

Decoy

dipity.tech

agathis.fun

ekaterinai.store

elizabethsbookshelf.com

smilesustainably.com

tapeworm.xyz

beatricesswarthout.xyz

nsrpackersandpackers.in

yedxec.xyz

gildedbeautyaesthitics.com

hanibalbechar.com

fichaphuman.net

adilosk.shop

geezaran.com

ventasemail.com

phonecasesdirect.store

rctjuc.shop

sukimossmanagement.com

caller-id.today

kft07.vip

Targets

- Target
  
  12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4.exe
- Size
  
  610KB
- MD5
  
  0b90be647821fb3812e6c340c6587fae
- SHA1
  
  04ee5bf64f4fd6a512828a818c110697d19f18ab
- SHA256
  
  12c7ec6f047ebf12cb9f142bb71fb0de5a61de79286776440b5814c94d93e2e4
- SHA512
  
  d348ece6997947050c8b3c01df55f157767444892196c0bd001012c36c610b93696853f35080551e10bec6f4a15c1098cd1132acab84a697c4fed07deac34ab6
- SSDEEP
  
  12288:233bFUoSfRmhTIJgWGdm6HrC/QpCiriaEHCnLEovkR:23pqf8TIJge6HrCy6hHCLEd
Score

10^/10

formbook ns03 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2