formbook

General

Target

246075e596e81d15a6c4e8bfad11dbe0abe920d25c0aa38bd32cd59605c6749f
Size

300KB
Sample

240417-r8lveaed4w
MD5

c059312a73b4806b72d2feb1003601cd
SHA1

da4c719c64115bd75aefe8c6f26197ff02d685e9
SHA256

246075e596e81d15a6c4e8bfad11dbe0abe920d25c0aa38bd32cd59605c6749f
SHA512

41496abead8fc555950ad25ebbfd14b75cfd09464fab0d0957946c3f47fa3039961df04fab0186ae29a1cccadce269c2201584937fc30d7f7245e3fc909c3aed
SSDEEP

6144:Xix54RC4svLOTDZ6U6Sd9MncLlhqPJ20o4oqLE1Lk0N9wDnyNfAXpe4iMAMndy8o:XixMCVv6/ZtThqP7JK8DnyNfA/iNMdZC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g05b

Decoy

scarflab.com

kettlemancitytowing.top

incomegenerationspecialist.com

canine-heros.com

riverbottomfurniture.com

superrccars.com

loteria.company

br0.site

gfdast.xyz

172hsck.com

trackt-aupost.com

saltyviagem.com

ventle-melbourne.site

aipcommunity.com

entretallarais.store

colttowing.top

wzp96.top

sellingknik.homes

loterij.auction

therokkbot.com

Targets

- Target
  
  bc5bbcae0fe7bce37b744677acb4602b8e2d31f8120aefcf4f648937a0c6e210.exe
- Size
  
  342KB
- MD5
  
  368e0613aed9277c8bf34477048486fe
- SHA1
  
  fddd6fb473ac44ab3ec0154ba936d8f3ab831f96
- SHA256
  
  bc5bbcae0fe7bce37b744677acb4602b8e2d31f8120aefcf4f648937a0c6e210
- SHA512
  
  d78f7dfa5700c2adc62ac026c11add7eba3eff996ca3f3f86713111a981f648711c831500961699622611e704edafa2215a21184e3abc15e0439c6a0d6db3ba6
- SSDEEP
  
  6144:ilJkCAvKhqGapWHVaTfAWUJRDLLLLLLLLLLLLLLLLLLLLhv9jLdROUmLyiez6CgS:il6CAvKhCxcbJRDLLLLLLLLLLLLLLLLp
Score

10^/10

formbook g05b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2