formbook

General

Target

48147474eaef88b0ba2927745819466064ba02897a21fb1f7a4022edc1bcb8da.zip
Size

693KB
Sample

240622-bjrflatfkp
MD5

2c277456e264ebae3cec78449460f879
SHA1

8d65e99e145af331a0242ef5a5824bd90f046022
SHA256

48147474eaef88b0ba2927745819466064ba02897a21fb1f7a4022edc1bcb8da
SHA512

5a6a48707e785f3c9dad24b2c8b2722be05ca2a3884c05133e248f405e73c001a79483ca28f22a0015e109caecfd78cd2ccd63acb0ca9c284310b655f7cb3d39
SSDEEP

12288:rKzm2LZ4z7NxhY5tz1ru3evlXwRan3VoSd+THwfZAzZ6fNOKHDjojp:gUN0HK3SlARan3SSdZfZAgfNOKHD0jp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

jejakunik.com

inb319.com

jifsjn.buzz

gkyukon.site

43443.cfd

cogil69id.com

oeaog.com

lpgatm.com

mymarketsales.com

tomclk.icu

404417.online

nysconstruction.com

ourwisequote.com

ahsanadvisory.com

ottawaherps.com

forevermust.com

apartments-for-rent-47679.bond

kdasjijaksdd.icu

buthaynah.com

manggungjayakanopi.com

Targets

- Target
  
  MV Starship.exe
- Size
  
  1.1MB
- MD5
  
  7735fefaf6b16dd97499d0d2016dff1b
- SHA1
  
  598d7c0eea1ca5fee2f7d8c052a01225bcd72761
- SHA256
  
  3cc81b7a9a59609e3267d06fad726352660b7c2e5c896c193939aff4744d499d
- SHA512
  
  4df13f92972522e14497ad16051b876983caf97810bb00128030b0121289eb11cf4774b5f458ae04a0ba3b7ceb4a2b6de913dddfef357fd8a164eff3093c4ad9
- SSDEEP
  
  24576:IAHnh+eWsN3skA4RV1Hom2KXMmHaxnRjGf9UYfLOKlD6J1y5:Ph+ZkldoPK8YaxnRjGSYfLdRN
Score

10^/10

formbook ty31 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2