formbook

General

Target

f976846b1a85f117ff078d9662931c48_JaffaCakes118
Size

1004KB
Sample

240419-em5deahc2v
MD5

f976846b1a85f117ff078d9662931c48
SHA1

b5cdfaba7d6a07225e2081dc4e6fe5265580ab1d
SHA256

836579ca69ab6a19f5bbda57ab734abb715e0c7d8245ae0a9cb0e1b31b7ef437
SHA512

3372999cf4a2aa74af362e48834a016a6851396212770acf625360ce3f05199738f5287701050d3622c66d7fe94671cb85850979639d9d5791c4fc402e4f6e3e
SSDEEP

12288:Dx0lQLjOZdIt7FDaoGR9gLlpNND6PQLxNcE9bwbwUX:lzLjOjG71aog9gGPQLL39Eb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gz92

Decoy

ayurvedichealthformulas.com

plazaconstrutora.com

nat-hetong.info

eapdigital.com

ibluebaytvwdshop.com

committable.com

escapesbyek.com

mywebdesigner.pro

jianianhong.com

benvenutoqui.com

beiyet.com

theartofgifs.com

mbwvyksnk.icu

nshahwelfare.com

hhhservice.com

thechaibali.com

travelscreen.expert

best123-movies.com

leiahin.com

runplay11.com

Targets

- Target
  
  f976846b1a85f117ff078d9662931c48_JaffaCakes118
- Size
  
  1004KB
- MD5
  
  f976846b1a85f117ff078d9662931c48
- SHA1
  
  b5cdfaba7d6a07225e2081dc4e6fe5265580ab1d
- SHA256
  
  836579ca69ab6a19f5bbda57ab734abb715e0c7d8245ae0a9cb0e1b31b7ef437
- SHA512
  
  3372999cf4a2aa74af362e48834a016a6851396212770acf625360ce3f05199738f5287701050d3622c66d7fe94671cb85850979639d9d5791c4fc402e4f6e3e
- SSDEEP
  
  12288:Dx0lQLjOZdIt7FDaoGR9gLlpNND6PQLxNcE9bwbwUX:lzLjOjG71aog9gGPQLL39Eb
Score

10^/10

formbook gz92 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2