formbook

General

Target

24062024_0853_23062024_Salary raise.zip
Size

696KB
Sample

240624-ktaehatfna
MD5

35771f7bfa875aecaa2a9e652a7d21a8
SHA1

88471bfd409e526713f867e6367105b12e4e6205
SHA256

2c93eeb89697513a120c5f586deeb87c281844c5c42e0a49c24f89347c57b5c3
SHA512

17884ab3baf16a815e9f33f4b73f5c33f6ab04ce4d949cd445180920f75f0a4897144b17f0e289f26ed1aeebf05df6db648abf60e2d447a0a781177b6b5e32e9
SSDEEP

12288:C5Tx05cJ/Qwr2XdisP1EvnZdkk1WsP5yGISM/tkcYAFggrPh1HB0O2bXChm2kwF:X+BeP10/kk9yGI9IArjjHGO2bnwF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as02

Decoy

qwin777.com

robinhoods.live

h3jh-dal.pics

braindeadcopywriting.com

kktcbet1000.com

mpo0463.cfd

raboteshoes.com

ab1718.com

lowcrusiers.com

gregcopelandmusic.com

dkfndch.store

firstclassuni.com

00ewu1ub.com

shunweichemical.com

sugarits.com

marqify.com

mistmajik.com

trezip.online

tinytables.xyz

suestergocoaching.com

Targets

- Target
  
  Salary raise.exe
- Size
  
  1.1MB
- MD5
  
  c8d850146b27ea87e5242f103088ef2d
- SHA1
  
  b7425314a1dd4316e2e7038d8cbf6a0a41804855
- SHA256
  
  bd8a38d06603be4dafa830f2a5faa9f55b3e24cb692314908dc246adad8c8999
- SHA512
  
  c2eaf840856f613cf7e71dbba6f5112c1b09c40cd3b7328322b27a3092229b125230264f7b2db6360bb285a65290d372ec23e74a91f11a10f3e15c2cef285f02
- SSDEEP
  
  24576:eAHnh+eWsN3skA4RV1Hom2KXMmHa6ZAXd/HGOeb7r5:Jh+ZkldoPK8Ya6ZAXd/mlbR
Score

10^/10

formbook as02 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2