formbook

General

Target

589d6063dd85e440033978651bb3aaf1_JaffaCakes118
Size

416KB
Sample

240519-fexh9sba61
MD5

589d6063dd85e440033978651bb3aaf1
SHA1

59e17ac0a1a6bd17a9b2abada22dead1ccfd9d83
SHA256

2e37ab77688ac2f58024d48088342b7c0819185b0843b4ca1a73224cb5723f3a
SHA512

533096c05766720da3ad35801eb88a692204ebfae2e2d21a3586d2f976e9672e96a93f6d638ff2dd2370b2fb573e102c8d7054b08f91169a1a545bf7a73f582b
SSDEEP

6144:27DdMELQcKgftA06j/a2KnvRfLcL+qlLi2fy1s:l0fO/LKn5DSzw2fy

Score

10^/10

formbook vi rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

vi

Decoy

teenagehalloween.com

misgavheat.com

pourplaire-paris.com

bunny.hockey

sellersofficesupply.com

office-favor.com

nordictops.com

cnoral.com

diariodebordo.net

xn--9es663gr0cm3z.com

jhustleproduction.com

aburgessart.com

k7td4me6-f3ka7m.com

decorinteriorshq.com

realflowerjewelry.info

targc.com

karmic-curse.net

esargent.com

wwzvq.com

fysioclip.com

Targets

- Target
  
  589d6063dd85e440033978651bb3aaf1_JaffaCakes118
- Size
  
  416KB
- MD5
  
  589d6063dd85e440033978651bb3aaf1
- SHA1
  
  59e17ac0a1a6bd17a9b2abada22dead1ccfd9d83
- SHA256
  
  2e37ab77688ac2f58024d48088342b7c0819185b0843b4ca1a73224cb5723f3a
- SHA512
  
  533096c05766720da3ad35801eb88a692204ebfae2e2d21a3586d2f976e9672e96a93f6d638ff2dd2370b2fb573e102c8d7054b08f91169a1a545bf7a73f582b
- SSDEEP
  
  6144:27DdMELQcKgftA06j/a2KnvRfLcL+qlLi2fy1s:l0fO/LKn5DSzw2fy
Score

10^/10

formbook vi rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2