formbook

General

Target

V691KUgebCvcYp2.exe
Size

616KB
Sample

240719-jcykbsyhkj
MD5

54df980a554dd390a666241611bdc853
SHA1

9ec3172879f4f5ee153af834d9118f2a59a45c8d
SHA256

ecf7d21e6034165420d152b1c77462ac51da9950be2b4eb32f966eda29376aa5
SHA512

6eae852e045e7259a7f9f08caa30a37434e9eac37bcc2ebcd664153a80367e611e56b6d8c557e284a42cd3677233025fde106ede8d397ed7ae1decd54a78af7e
SSDEEP

12288:ziN882BB6X47oXvsFpK6yDJAbAyOSCEZhrtL5IuviN:zu2BcX47ofUY6yDJAsyOShyg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v15n

Decoy

dyahwoahjuk.store

toysstorm.com

y7rak9.com

2222233p6.shop

betbox2341.com

visualvarta.com

nijssenadventures.com

main-12.site

leng4d.net

kurainu.xyz

hatesa.xyz

culturamosaica.com

supermallify.store

gigboard.app

rxforgive.com

ameliestones.com

kapalwin.live

tier.credit

sobol-ksa.com

faredeal.online

Targets

- Target
  
  V691KUgebCvcYp2.exe
- Size
  
  616KB
- MD5
  
  54df980a554dd390a666241611bdc853
- SHA1
  
  9ec3172879f4f5ee153af834d9118f2a59a45c8d
- SHA256
  
  ecf7d21e6034165420d152b1c77462ac51da9950be2b4eb32f966eda29376aa5
- SHA512
  
  6eae852e045e7259a7f9f08caa30a37434e9eac37bcc2ebcd664153a80367e611e56b6d8c557e284a42cd3677233025fde106ede8d397ed7ae1decd54a78af7e
- SSDEEP
  
  12288:ziN882BB6X47oXvsFpK6yDJAbAyOSCEZhrtL5IuviN:zu2BcX47ofUY6yDJAsyOShyg
Score

10^/10

formbook v15n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2