formbook

General

Target

2ca71d41529f0e3ff46458a8375ab7c0a755cf5a81d5882b743187fe8af8a919.zip
Size

566KB
Sample

240515-bjw13sab34
MD5

5cdf892ad3b4a55ca03467d53d04fe0e
SHA1

dd9b7e170794f320ffe66920abba37cb658c3575
SHA256

2ca71d41529f0e3ff46458a8375ab7c0a755cf5a81d5882b743187fe8af8a919
SHA512

0d65f6b2c6ba2d3f1f85099a009eaccac97846ac45c5a6381810c076f075ae188e85da14ec608503ef0170b052950a5c22605ea917300de3343019d8f6485d21
SSDEEP

12288:VIL3TUKfP8t3tjre81ADOuNiWlm+0VjtHRJUy:VmTXY9vR1ylmDVjJRJ5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba94

Decoy

dxtra.shop

upfromhere-eventsdecor.com

blacksevenkoeln.shop

pcboards2024.xyz

posteo.lol

naservus.com

pivotance.com

90ans.com

ebenezer-remodeling.com

reddragondao.com

gspotshop.com

thesiamesebetta.biz

rrdhq.com

greenislandservices.info

prismotrov.com

elaqbh.shop

sosenfantscovidlong.com

elmsolarsavings.com

sol-casino-2023.club

sharecroipper.top

Targets

- Target
  
  fileANS.exe
- Size
  
  1.0MB
- MD5
  
  15457d011dab88622087b56142ee22d3
- SHA1
  
  1fc14c22eb559ae15e0642ed913aa1b93d6f3312
- SHA256
  
  3ffcd95cd6bd717e4371107605cdb847891190eae063dcf741dbae9bd1528faf
- SHA512
  
  314aa3fc23f86dedffce5143c447e8e2c0e92928abf68021c487dacf006181bd11a44468724fd8592c04024decfa1308657f971172f795b745cbad9e0cf91566
- SSDEEP
  
  24576:YAHnh+eWsN3skA4RV1Hom2KXMmHawvDvPYknWte5:fh+ZkldoPK8YawrXYaWu
Score

10^/10

formbook ba94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2