formbook

General

Target

b4d90c0fc82bdb9d299f657379fe71550f8063fdd7b6785ec44408dba16002d1
Size

702KB
Sample

240417-r8jeaach93
MD5

73181ab0a7e906018f9bc3dd1d421285
SHA1

7af83aff3a31f0f643600174b1be6d24c4929e58
SHA256

b4d90c0fc82bdb9d299f657379fe71550f8063fdd7b6785ec44408dba16002d1
SHA512

04d44a5815bd7ebdb2cc4c915918ff0ef94ef71e70d5c27f74a6c7e3246dd4acb207389d5f830f3dd9ddaa1163aa843bce4c9c6926916df9d36ba767261ab690
SSDEEP

12288:kliKHUpN5htn+XF2o3p8X/DywS0GnR0ibzWB70fy167rRwh39Q6yuLzx8P:kPHCNNnUpZm/Ozn7bCay1wrCh3Zyz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sg36

Decoy

cookfranschhoek.com

rajaslot138.today

eightfigureroundtable.com

sdklwdz.com

novaturienthealth.com

sk87k.xyz

defoutenmakers.online

eadsanuncios.com

drewkav.com

car-insurance-94416.bond

m3nm.site

6vab.site

towing-barnesville.top

authentifizierung-beginnen.com

thejmfc.com

beggiapizza.site

gttsfibermill.com

cdugood.com

dominiongeneralcontractors.com

deprepagos.com

Targets

- Target
  
  10b71b9870e8b389acdf0874c2d49d392a9d9d227fd37e9f12c290b217f95fc0.exe
- Size
  
  902KB
- MD5
  
  aa305fd0870aa227c16bd1060964d2b8
- SHA1
  
  a29ba6abc7eb4752929a1c213ffc89770ff878e0
- SHA256
  
  10b71b9870e8b389acdf0874c2d49d392a9d9d227fd37e9f12c290b217f95fc0
- SHA512
  
  aaebd755fddaccdd29cb975db21e50e233deb7f367d99a7a0a8850231c15c609cec378975ae498d0682598321b5687af9422e3704e0cb8f57407c1119a2401e1
- SSDEEP
  
  24576:EvpoS6P2zy0wefqdraQmzuV1ItWzSLN7+qgfAC:ERGOzffzRur8WmZ7+qgfL
Score

10^/10

formbook sg36 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2