formbook

General

Target

RFQ INQ NO ENGMS 2024 REVISED.rar
Size

574KB
Sample

240701-rl9myszcmk
MD5

8ab900d433b2031fd7a412fc2a4951d9
SHA1

56d7f107c0118cf5a2ec19207dabcbcc21cbca0b
SHA256

0607db84d09db51725d79aa284142375aa2fd933d9a4a5169e9e798d713bc87e
SHA512

17b142026f5a8bedf56aa5c44fa50712f427582e0a9ee162315f93a9418c7a6941f02fb39323a7dc15083c1a5c29368eccece7e2e195b62498bf81d25385ce06
SSDEEP

12288:ggdPUBjc9+8VShCEIFbpnhkqgYot12iw6CYJE3:ggNajc9+8ghCJ1hoJt15CYJE3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ts59

Decoy

hgptgz684w.top

gas39.pro

totalcow.com

76466.club

ssweatstudio.com

nr35.top

hmstr-drop.site

kjsdhklssk13.xyz

lostaino.com

athenamotel.info

9332946.com

ec-delivery-jobs-8j.bond

complaix.com

824go.com

checkout4xgrow.shop

modleavedepts.online

shoedio54.com

topallinoneaccounting.com

texhio.online

cn-brand.com

Targets

- Target
  
  RFQ INQ NO ENGMS 2024 REVISED.exe
- Size
  
  1.0MB
- MD5
  
  86fdca7d62e0f4832e1dbb9b33dab985
- SHA1
  
  97f5f1191d30bd4e59f3a58e238acbf3dca7ca54
- SHA256
  
  784890a0352b0b2a85896b9b61fe09358df9bf6de8506784b6d613716bb173be
- SHA512
  
  a5bcc303099b893792b6a2808a0bb7253d1c64bab218de525ee3eabbf5b2e32c45c5e8fa6f41618e03782cdae2feebecb6512e9c4464f3005b2aac4ed6e676de
- SSDEEP
  
  24576:FAHnh+eWsN3skA4RV1Hom2KXMmHaY/bxMr4mYaT4p04Ge5:0h+ZkldoPK8YaY/bxMr4mYi4p9L
Score

10^/10

formbook ts59 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2