formbook

General

Target

b32ea4a4c8195ecb6e736a7c1f95b617_JaffaCakes118
Size

434KB
Sample

240616-m7vzga1clb
MD5

b32ea4a4c8195ecb6e736a7c1f95b617
SHA1

7b9236ce65e841fa6cf3cf9b270a65838b1e1298
SHA256

e0a917ef24983c8087f33320578cab7f488a471e5fbb2e48c8c7850c6bde4807
SHA512

46ef7baed18fe1ba32da254d2c104a532c875d610b6782a904c9965fe68d4592427c2af3179b6a8e32f504f40857303df0d2aaeb9d031665e7282a1677ceed65
SSDEEP

6144:5zArJ3X7EfFeZT97AoqFs+1iS4Cr+zkZw7/m0By7IGvdaQRsa7xh:JNeZeZ1f4Cr+zX7/5GDdLtxh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

3iw

Decoy

cepbank-direkt.com

lieoga.com

officialbetterbeardclub.com

media0702.com

safariflorist.com

vipinternationalinc.com

bitechanalytics.com

employeewage.com

truckingtag.com

priyaladiestailor.com

highlanderpiping.com

enargiapetroleum.com

vermilionranch.com

focusopgeld.com

kalem-euy.net

disypen.com

fairpayva.com

davidguner.com

idreferensi.com

dytt889.com

Targets

- Target
  
  PDFSLP232.exe
- Size
  
  686KB
- MD5
  
  9cabc06c47b82704fd1b7f2bc179a3a8
- SHA1
  
  83fe695a745fe1a0f81cf1ec71cde74a9d4b424d
- SHA256
  
  cb1b1d99cbf6d7bb1a30ec1c7ee31c36b8e19230751046688ad1a14b2fec4758
- SHA512
  
  f45e4bf071298f3ad5e007db4c5ed9ffd723c50f34efa771d37a1b484bcc09fbe77a20c59dc72a40a0c96837afc12c67258ace11e04e1d397dca64fdf821d043
- SSDEEP
  
  12288:dl0++rKR6dSkULoqZ/b+sVUaGMUgdiSMa4Nk:dl0RrW6qtbuc4Nk
Score

10^/10

formbook 3iw rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2