formbook

General

Target

Original Document.r01
Size

545KB
Sample

240617-lltnvayfjp
MD5

55fa47532e07ba636f8752db1ac59a42
SHA1

b61205861d6620e35eaaca6e1489a40b836b9457
SHA256

9cb300d1428eed7efc3bc596f27927b48500e1bbc21d583ca135880e0a024670
SHA512

0d04344ec69c35f746737cc8799812bd3ed410ccdebebba5550e7babca765a1953b39eb2eb88e3029caa8a15cf426b84138ebebb03a42d9bd94e43a261a7985e
SSDEEP

12288:Ezc4Z8Iz5Lmq4JQ+MFlWlKa5H02F3nhD9Z48tKOwBI:ED8VwAlFH0shhZ44KOsI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dy13

Decoy

manga-house.com

kjsdhklssk51.xyz

b0ba138.xyz

bt365033.com

ccbsinc.net

mrwine.xyz

nrxkrd527o.xyz

hoshi.social

1912ai.com

serco2020.com

byfchfyr.xyz

imuschestvostorgov.online

austinheafey.com

mrdfa.club

883106.photos

profitablefxmarkets.com

taini00.net

brye.top

ginsm.com

sportglid.com

Targets

- Target
  
  YUDD7CDakVsH65f.exe
- Size
  
  580KB
- MD5
  
  c67b00d2aa41d4c8f86debd0b74cbb19
- SHA1
  
  309f175346d432b9cb43a93c7898a79feec6714d
- SHA256
  
  73052c6ab3fb230ab01c3c4def27f0fb76759602217ffef157b7004b6fe8f406
- SHA512
  
  635cfeb79725f7105b258fbcd7e360ccdb3f9e5dad17ad7c7be27788d53aabbad5c0a718b8b0373b2bb22378dc41a4c417b6e2ed211fc246d1cace64b4d39034
- SSDEEP
  
  12288:V7P/iFIsPAb/z/mdh7z0g5+FabkcfaZdHky+WZARwHf6/qyAC3zjq/fCcN2ufq/+:pPkIKybUd7+845ZdaWZiwHf6/pAM+3RP
Score

10^/10

formbook dy13 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2