formbook

General

Target

240313-epmldaec36_pw_infected.zip
Size

220KB
Sample

240525-s738qsaa28
MD5

8e1c4d1f7e0cc1e843b630baeb222a0a
SHA1

a4794606fbf341295a88dcbc406419addb3b4e82
SHA256

e67f8a804bdbeb0cd9be8de25f41c251eda9eaa38f44a937cbf9bb0c304d1530
SHA512

9f496d5cad639038ea55a63f99c9d2b35cc7c2f685cbda9913f88d552b2fb2896fcca5da616be2997ee303361657fa6de6964ed78409c23f54912eda1d196a2b
SSDEEP

3072:+T3jAqeqz2Xp7jqU0Vt3l0uU6oMSnOUoBedZk61RfEZHw/yRCc+tANA0fN+nTEG:Y3sqebNGU0Vt1MnzVA61Rf4w6w+GINg3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zizv

Decoy

sacramenti.info

ggilrwzkg.icu

jamesmolloymakeup.net

chanelcheap.com

permutator.xyz

axsnaplp.icu

thor-baikyaku.xyz

rcelerity.com

fevirad.com

aroundtheregions.com

destwide.com

haasjustice.com

mindfulmannerllc.com

sanskaridevil.com

matrixcommunication.com

sharytee.com

kalpafoods.com

merchantstash.com

stellerproperties.com

beaute-ekinoxe.com

Targets

- Target
  
  c4ee18d4a484321620bef6ddd00fc620
- Size
  
  231KB
- MD5
  
  c4ee18d4a484321620bef6ddd00fc620
- SHA1
  
  0bb6e51bbd66dfa5afacf3e12ab9789252f2ff57
- SHA256
  
  4fa4620f075ed6875b96da8c661287fc12c586ddc524c866a6861a6a94a26bee
- SHA512
  
  563a9e23b48fe1cffb21e73dc92a611bae2431d6a5d2b50d77745169254f2818603c1fda6d2fea3e3b4ce450a94e9a72e62c5bf1f1e4c0ff5e478880a0575b60
- SSDEEP
  
  6144:qK90Si3cX/ljsdbhmuUhmA3gOETfcfmcb2pY:q50XidohmdOufcOcb1
Score

10^/10

formbook zizv rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2