formbook

General

Target

Envio de documento OC016 PAGO192025.Pdf-password(Gzx04AuG).zip
Size

867KB
Sample

250114-sp4rjs1pdv
MD5

6a05299e86c2965a66294bdab1c3af40
SHA1

997d8aef9dafe2759e1665748df130a65be05af8
SHA256

11d8b7816c187d751da9c34ed7f37f335f177409b116581078864912c705cc2c
SHA512

8d6f3c9c6bb9e2a20a5facb9aed22ad3f4ca2903515ecea12c46f41c6f10e76098e40e8a82fc4d368a7454ce9dfb98de42d4fa683434c7252386099f01bc28b7
SSDEEP

24576:LVlHk+zb1sLP68N+J4KfjUfvw2n/j4Q03PJLKAgy+58:BH9yi8N+J5jmwU/j4QoOzm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

x07y

Decoy

oksa.life

utecak.shop

200mzeus.store

hopsphereviral.store

g6fqz07uyhlgwxf.shop

ntentwicket.asia

ele88.buzz

3233.pizza

ataract-surgery-54329.bond

utsidetheguardrails.net

lkpiou.xyz

nline-gaming-56806.bond

arehouse-inventory-23414.bond

sphalt-jobs-98701.bond

p82520.icu

hetopgraded.shop

okoresmi.life

su41k7v.xyz

lwaset.net

onitoring-devices-18459.bond

Targets

- Target
  
  Envio de documento OC016 PAGO192025.Pdf-password(Gzx04AuG).zip
- Size
  
  867KB
- MD5
  
  6a05299e86c2965a66294bdab1c3af40
- SHA1
  
  997d8aef9dafe2759e1665748df130a65be05af8
- SHA256
  
  11d8b7816c187d751da9c34ed7f37f335f177409b116581078864912c705cc2c
- SHA512
  
  8d6f3c9c6bb9e2a20a5facb9aed22ad3f4ca2903515ecea12c46f41c6f10e76098e40e8a82fc4d368a7454ce9dfb98de42d4fa683434c7252386099f01bc28b7
- SSDEEP
  
  24576:LVlHk+zb1sLP68N+J4KfjUfvw2n/j4Q03PJLKAgy+58:BH9yi8N+J5jmwU/j4QoOzm
Score

1^/10
behavioral1
- Target
  
  d789879fb4a6c42171f2cb73a8d85d094629eea7ae02f74d55263403b6358ef9.eml
- Size
  
  866KB
- MD5
  
  88c77cc2e6e9d9f6deb1f001910d4c2b
- SHA1
  
  0f6fdcef13a6b1bc7f32598ee6e18693fd5566f6
- SHA256
  
  185a044604b0a636b9da7f2406bfd4524df50287bcf694ed0b085770e5cbdad2
- SHA512
  
  ce8c3add88bec211a1a977bdd1076690f58f18514f57d3ae7cae56680c4abe16e647b9f8019a246d1f6a29d5adaa18253aac6382469a3a493e0206ac1cffbae7
- SSDEEP
  
  24576:p4LWPLhm22nJC1La+XBcnXWRcR3v6QB6IXNq:pm85mWiv6Hz
Score

3^/10
behavioral2
- Target
  
  COMPROBANTE FAC PAG 1312025pdf.zip
- Size
  
  630KB
- MD5
  
  7ffa7bd8790d363f6ce75a196fbfaaa3
- SHA1
  
  24988819575beb787dcc8ea750fc7a34212d66d8
- SHA256
  
  f74672bff56ee501992e93951a793b71e7850902a4f25a00616129aa5cad1edc
- SHA512
  
  63d5972b6a5d4a203fbc622cdf09a423f6d8f179200d2b3727945454a01e03981747b051a4b85999837d00f7b9601dad7db6f282ec3feb0377e6f3f00073fc28
- SSDEEP
  
  12288:QXICvZqhH4xGcIKho8cGZOLmBE6tlNuyoisvbXC0AOIUPR7GIzixVx:kIQLGcPhwGZmmBE6XNnRejH1GIzkT
Score

10^/10

formbook x07y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  COMPROBANTE FAC PAG 1312025pdf.exe
- Size
  
  1.0MB
- MD5
  
  e4ae748b24c33178f1203895c632daef
- SHA1
  
  9e6bd03f721da74a1412f80ed5615c14ef85434e
- SHA256
  
  920dba5848da51e0cd39ced7ef38fd1640e9aa0142b75a5a957ef7abf879a298
- SHA512
  
  f0e9ee3d27fb29918d5b12f4aa48d66f6fe7ca13081ee1e011ecdac22506b6f45b0095a3c6655d398a9e02a84f7c56441c341a3c37fb432956f5fbde2d5154d3
- SSDEEP
  
  24576:wAHnh+eWsN3skA4RV1Hom2KXMmHaecUtHlGAcg5:nh+ZkldoPK8YaecUtHlB
Score

10^/10

formbook x07y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  email-plain-1.txt
- Size
  
  48B
- MD5
  
  d0f2e7ecb0fad43a885a6f36a4444615
- SHA1
  
  f8847e3881933da454c9cf1b1dc989d929dc42a7
- SHA256
  
  fc1cb464cd848905de05667e13beba16f7c946a816c3cd0f9f8aeffdec162f54
- SHA512
  
  f73c585f56659f0e29f98f75c5f5bae84d41515bf863fd1edf2ef1d5b4235d6599b80ded9a7e2b147df28adf5368dce66024d741c3c0ce7ed5c00264c7e9b5c8
Score

1^/10
behavioral5