formbook

General

Target

Solicitud de una nueva cotización de FW.exe
Size

640KB
Sample

230523-svxkesgg51
MD5

29594a9cf01970b6d01f1887e4ad287b
SHA1

8c6bf8c3800edb00c127a195fb416df968ac5eb4
SHA256

e30d41df0b3384eb57a607989bdfe40191b4e81df96327c1974f6d05a3a3d83f
SHA512

1e74859fbecd17b1f32d59b91e313162a3e593d7ecb007f3ac620136eb43550f6ab147ee52a1d4a896c5310770f2b5f1a219d82be93c0a3248cdedc6b8fd089f
SSDEEP

12288:E+nzsn296riLPyrwATwqqG5L0z/CWSJOtgTs:62UriLfATNqG5ALClJOg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cx01

Decoy

appskul.com

acasascbcenter.com

dististicks.com

ipsmagen.com

car-leasing-54007.com

elboshari-tradeinvestment.info

5777757777.com

brequx.online

kjds11171.top

jgaytfiz3.xyz

guvenceoyunevi.com

ccpandashare.com

alineacustomhomes.com

bwoywonderkids.com

lazersec.com

gewirgq1uw.xyz

aimappq.info

grandcoeur2007.com

giuseppedematolasax.com

aus-anzhelp.com

Targets

- Target
  
  Solicitud de una nueva cotización de FW.exe
- Size
  
  640KB
- MD5
  
  29594a9cf01970b6d01f1887e4ad287b
- SHA1
  
  8c6bf8c3800edb00c127a195fb416df968ac5eb4
- SHA256
  
  e30d41df0b3384eb57a607989bdfe40191b4e81df96327c1974f6d05a3a3d83f
- SHA512
  
  1e74859fbecd17b1f32d59b91e313162a3e593d7ecb007f3ac620136eb43550f6ab147ee52a1d4a896c5310770f2b5f1a219d82be93c0a3248cdedc6b8fd089f
- SSDEEP
  
  12288:E+nzsn296riLPyrwATwqqG5L0z/CWSJOtgTs:62UriLfATNqG5ALClJOg
Score

10^/10

formbook cx01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2