formbook

General

Target

810e39d602b5ef4c5899a7168c20ad4068a08a90fa72f66d645b5902ec3780a3
Size

624KB
Sample

240601-gt82aacc5x
MD5

4679ef85c62ae7775d7fb6b84e180966
SHA1

32cc751d93fbfb1dc8673cb2e79c150032caabee
SHA256

810e39d602b5ef4c5899a7168c20ad4068a08a90fa72f66d645b5902ec3780a3
SHA512

1c62a924d22701b93a71f90a0cca3638d307d9aa7d795681dbd3165c8ec0de4aad385231b494c991d969dafdd052176983e976cb96cc49acfc45161ba19c2086
SSDEEP

12288:UWJFSVs25+uQX8A8l/UdKTVs/HRY9PxAayXjZg6I7SkQvUnf5ZAXpn:UWHSVv+uQX8RlS/HRwPxAayXjZgt6v+q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as02

Decoy

qwin777.com

robinhoods.live

h3jh-dal.pics

braindeadcopywriting.com

kktcbet1000.com

mpo0463.cfd

raboteshoes.com

ab1718.com

lowcrusiers.com

gregcopelandmusic.com

dkfndch.store

firstclassuni.com

00ewu1ub.com

shunweichemical.com

sugarits.com

marqify.com

mistmajik.com

trezip.online

tinytables.xyz

suestergocoaching.com

Targets

- Target
  
  d6f3187ea8a4c0cb9e263a665487060b5b14caf184a5343b2ed928b67d16a264.exe
- Size
  
  1.0MB
- MD5
  
  ba4626698cabac08fd9d2440f730e80c
- SHA1
  
  577f8e973cb926b58dffa2ec5a0ae1f9e451f128
- SHA256
  
  d6f3187ea8a4c0cb9e263a665487060b5b14caf184a5343b2ed928b67d16a264
- SHA512
  
  a15b63b4d018276272dd4e2667b79a859df83df8c96ea60b1bf9471e0138b40f7f4ce6c5d63424225fd5fbe1e6c55a9afd75e084b813967db7f49c9558465eda
- SSDEEP
  
  24576:SAHnh+eWsN3skA4RV1Hom2KXMmHao75RAQkLXWB3ryAv5:Vh+ZkldoPK8YaoX6jQ3ryQ
Score

10^/10

formbook as02 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2