formbook

General

Target

RE,RE,RE,RE,RE,RE,RE; Best offer and ETD.exe
Size

682KB
Sample

230424-szqyfacg68
MD5

cc2de3574d37bdd8dc01d94e26c6b80e
SHA1

940e2dc45395bd32b3b3feb2385a375478924cc1
SHA256

319ed15753e7ce1ff182e1bd2e4900de9c76300f30cb645c01b57324de50face
SHA512

566aef7dceb911e67def06a78f79bbe4033a0ecd76fabdb61a62113a74a07924b5145012ff783b2c63c62eceeafcd031dc59ea4ad3036c3a495353be1fc854f4
SSDEEP

12288:uF9NCviMjBCj620DFvG1S/TP+52mectA42tuLV14eKnDD2ti:unN6bBCj6rDFvJ/TjUtA42tuLcBD

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cx01

Decoy

appskul.com

acasascbcenter.com

dististicks.com

ipsmagen.com

car-leasing-54007.com

elboshari-tradeinvestment.info

5777757777.com

brequx.online

kjds11171.top

jgaytfiz3.xyz

guvenceoyunevi.com

ccpandashare.com

alineacustomhomes.com

bwoywonderkids.com

lazersec.com

gewirgq1uw.xyz

aimappq.info

grandcoeur2007.com

giuseppedematolasax.com

aus-anzhelp.com

Targets

- Target
  
  RE,RE,RE,RE,RE,RE,RE; Best offer and ETD.exe
- Size
  
  682KB
- MD5
  
  cc2de3574d37bdd8dc01d94e26c6b80e
- SHA1
  
  940e2dc45395bd32b3b3feb2385a375478924cc1
- SHA256
  
  319ed15753e7ce1ff182e1bd2e4900de9c76300f30cb645c01b57324de50face
- SHA512
  
  566aef7dceb911e67def06a78f79bbe4033a0ecd76fabdb61a62113a74a07924b5145012ff783b2c63c62eceeafcd031dc59ea4ad3036c3a495353be1fc854f4
- SSDEEP
  
  12288:uF9NCviMjBCj620DFvG1S/TP+52mectA42tuLV14eKnDD2ti:unN6bBCj6rDFvJ/TjUtA42tuLcBD
Score

10^/10

formbook cx01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2