formbook

General

Target

DOC20221011567890987655600000.exe
Size

62KB
Sample

221012-cr3n9scbfq
MD5

2d6ace20a34791c5296e4340c2fe0098
SHA1

c5e1b5ce674daef3144def97a32b0cba3cacb422
SHA256

9e9b9774e70f84a23aa0258af2d84f03509e9293b4f7fd419eeb5414a54c741b
SHA512

8b8eed06d5d1b1ab21cde39348714c2802ece03931d094a257435dc61c4ccf94e444312b195aed5c63e40bfce3d091ceff2995029ceb0bd1485239679375f290
SSDEEP

1536:6/pfn9Kpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr1BDvas:4p/kpga/eHUTQQQQQQkdBft/2YWLr1Bf

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

NOAZ1GtFnUx1bqjUWmD6

sUBk3CYAoWuQfq3UWmD6

5vwrVl0msDtpEkYt

VtL6sSoIchhMStcj5DxYbm3FBw==

BKjy1ZxyhhuJ2guPWUI=

eAgklPLAE7zgqOmwRqPNOQLXz1Y=

aApC9n9Zp0ZhObwjLLLUAg1cjsx6Lg==

OrLZYLeFBavC1cD5+A==

jJm87eu4hy/QMbYE/wzDRQLXz1Y=

s63OS5RsBKrY3FurpDZXbm3FBw==

hyxwKsePxJNCwwejbEg=

l5667e2vQOkM4hFPE5yA0Q==

wTtVQBT04YkyoNKoN53GFV9m2hpS

+pzWhBnS26FJqiRyZXQrqR1Ow/1B

d/VHx031x5W2

GjhhiKSDZ/1txQejbEg=

nDhRjp5e9JeQiKzm+gqI41hdV5nFhsI=

ws4wtUMZYA1pEkYt

GazXV6Fr6akfcvxEOcbpTTCmMEq7Jg==

2vAOHufF5MT6VdU=

Targets

- Target
  
  DOC20221011567890987655600000.exe
- Size
  
  62KB
- MD5
  
  2d6ace20a34791c5296e4340c2fe0098
- SHA1
  
  c5e1b5ce674daef3144def97a32b0cba3cacb422
- SHA256
  
  9e9b9774e70f84a23aa0258af2d84f03509e9293b4f7fd419eeb5414a54c741b
- SHA512
  
  8b8eed06d5d1b1ab21cde39348714c2802ece03931d094a257435dc61c4ccf94e444312b195aed5c63e40bfce3d091ceff2995029ceb0bd1485239679375f290
- SSDEEP
  
  1536:6/pfn9Kpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr1BDvas:4p/kpga/eHUTQQQQQQkdBft/2YWLr1Bf
Score

10^/10

formbook c1no rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2