formbook

General

Target

20230324_2073053.IMG
Size

1.3MB
Sample

230324-ns13lsgb3z
MD5

ed17d8de65b6d173ff3cf3ade7ff73a1
SHA1

722aa7f875fb344432dadb0082edc36a7796f617
SHA256

b5aed45d1e9d42e9fa8dc45994dfec8a11a8ecde02079e4d12da52a09ae1754a
SHA512

76d86977b26f3639038565058c198daf6b5e28de62245a056a49a35a9d65029cc0df3cd1f8a4c27cfa14b59eb9c00165383e377b2332aa91ec191961dfa120ea
SSDEEP

12288:CCRbds5v5x4bHO9ZrYg+9SWxLpmXT8WkTpFKklp6qW2+lHOZwdU:CCAyj+0FmD8Wk1pTUROZG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs19

Decoy

asafkozmetik.com

hitcentersinc.com

healthcurezone.africa

umzontsundu.africa

llklkj456.online

simplyfetchingweddings.com

agile-workforce.com

efefcapricious.buzz

natalyrunner.ru

alain-jp.com

uhdtubesex.net

amerika-express.com

evolutionunited.com

digi-eye.app

10086o.xyz

airinsystem.com

fullbasketballacademy.com

kronoendustri.com

kujzap.cfd

ankleswelling.site

Targets

- Target
  
  20230324.EXE
- Size
  
  791KB
- MD5
  
  fdca43d474bf8b09efa04fee4dea2c68
- SHA1
  
  e702215560b931fa58cd5aa547072d50b2f806d1
- SHA256
  
  bb58b7a83dca5acebea46ff017834a7c95699e80cd172b056d2c0421e56ae30c
- SHA512
  
  1d99b3cfad1484576b27530a4075654de4d9819109cb94acc7fdaa7a92c16d2cd1d748c276ff4077902d3f7ba336099fe43e69ebd7cac8fc2de3d3d146c93530
- SSDEEP
  
  12288:yCRbds5v5x4bHO9ZrYg+9SWxLpmXT8WkTpFKklp6qW2+lHOZwdU:yCAyj+0FmD8Wk1pTUROZG
Score

10^/10

formbook cs19 phishing rat spyware stealer trojan
- Detected phishing page
  phishing
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detected phishing page

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2