formbook

General

Target

a507002ff2fe5ce654247c91b451a916ca0de14075f44a04ba032ad985142e20.zip
Size

622KB
Sample

240622-btbsws1ame
MD5

81e2f272cebdf6e0da6849afb9ba4314
SHA1

b904ad13ce7b91a8fb7c853fd043b5a9859e6375
SHA256

a507002ff2fe5ce654247c91b451a916ca0de14075f44a04ba032ad985142e20
SHA512

c335251311a968a89dae36cf517166a1c7c78611bee10d6dd6139b48e622a8c891cdf4c681445c8749e5d39b3ede6d7d49b94f5359cf04510e93fc2b4cac5c37
SSDEEP

12288:qSZXCMrCwbXRkqAVIsP11xZM0UDRA2bcVbHgMOA5H1OQL47LJIa3sr3NJFaaH:FCMrC5lVjP110hDG2IVbAE5HAQCLj8r9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as02

Decoy

qwin777.com

robinhoods.live

h3jh-dal.pics

braindeadcopywriting.com

kktcbet1000.com

mpo0463.cfd

raboteshoes.com

ab1718.com

lowcrusiers.com

gregcopelandmusic.com

dkfndch.store

firstclassuni.com

00ewu1ub.com

shunweichemical.com

sugarits.com

marqify.com

mistmajik.com

trezip.online

tinytables.xyz

suestergocoaching.com

Targets

- Target
  
  ARIVAL NOTICE.exe
- Size
  
  1.0MB
- MD5
  
  ba4626698cabac08fd9d2440f730e80c
- SHA1
  
  577f8e973cb926b58dffa2ec5a0ae1f9e451f128
- SHA256
  
  d6f3187ea8a4c0cb9e263a665487060b5b14caf184a5343b2ed928b67d16a264
- SHA512
  
  a15b63b4d018276272dd4e2667b79a859df83df8c96ea60b1bf9471e0138b40f7f4ce6c5d63424225fd5fbe1e6c55a9afd75e084b813967db7f49c9558465eda
- SSDEEP
  
  24576:SAHnh+eWsN3skA4RV1Hom2KXMmHao75RAQkLXWB3ryAv5:Vh+ZkldoPK8YaoX6jQ3ryQ
Score

10^/10

formbook as02 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2