formbook

General

Target

Quotation.exe
Size

696KB
Sample

240604-g8wz9sgb3y
MD5

1701c039722e0ba1cc8876b22bc371f7
SHA1

4b0827c74ec83a5c5db429d36d095d3f7d14d8a5
SHA256

5f811c57872e95387829dbd3addf6e27bbf3bcbcc388354ea19d41ed1b5bd8de
SHA512

baa1cb4fea71fea989998b40c7fc61df73e967d3eae4af3000143a51bd195659b1295c9573a2ce4b7f1bf7810907305dd5e2826dd3fad887b7103546c224d5ce
SSDEEP

12288:u7kpO8mUKNr+uf5Z3g7Gj1/TTwYmbHNbAHUkZJ1bfQ+Ruf0MTGLjcTb:G82Cuf5ZQ7GjpTTwAJhQ+RFeZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mw62

Decoy

abpdainik.in

luxuryprojectmalad.co.in

cajunbellebeauty.com

fpmfstudios.com

spedyz.shop

wilddogphotographics.com

apollomoda1.com

evrimciftciportfolio.com

99977bet.com

inefavel.com

mf85.com

online-doctor-nl-1.bond

zqi2lv.vip

thewebdesignhub.co

botwitter.com

18comic-palwoeld.club

loveweldpermanentjewelry.com

l3er39pc-gaywn6kv-d7fs4t7u.cc

31yoyogamestudio.com

yhvh.cloud

Targets

- Target
  
  Quotation.exe
- Size
  
  696KB
- MD5
  
  1701c039722e0ba1cc8876b22bc371f7
- SHA1
  
  4b0827c74ec83a5c5db429d36d095d3f7d14d8a5
- SHA256
  
  5f811c57872e95387829dbd3addf6e27bbf3bcbcc388354ea19d41ed1b5bd8de
- SHA512
  
  baa1cb4fea71fea989998b40c7fc61df73e967d3eae4af3000143a51bd195659b1295c9573a2ce4b7f1bf7810907305dd5e2826dd3fad887b7103546c224d5ce
- SSDEEP
  
  12288:u7kpO8mUKNr+uf5Z3g7Gj1/TTwYmbHNbAHUkZJ1bfQ+Ruf0MTGLjcTb:G82Cuf5ZQ7GjpTTwAJhQ+RFeZ
Score

10^/10

formbook mw62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2