formbook | 251af2abab547d98f6623f4be8cee42afbe325ea9c2c8e5e3ddbabe3f25b5ff3 | Triage

Sharing

General

Target

BNI Tanda terima transaksi Ref 20230807135601239809 IDR70110002,PDF.bz2
Size

534KB
Sample

230813-n5c7badf6t
MD5

018b35b6df85f1d177e341a4d310c50b
SHA1

16747ca55ac52326d52723872e8bd9398d61d829
SHA256

251af2abab547d98f6623f4be8cee42afbe325ea9c2c8e5e3ddbabe3f25b5ff3
SHA512

f3bcef38817c79cabd129fcf861272aa25c98960113209834848416f5781866e58419df10cd6b4ca6aeaa647ac65dc774dd046a24c804819e8b2bd52cde737b7
SSDEEP

12288:IBlw9ijQZ3wSSsjAx8Q01v6wlKM4gmuoJrDgTVmIZwcWX/:IzdjQZ3wSdEOl4gmjYJmI6/

Score

10^/10

formbook jr22 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

- Target
  
  BNI Tanda terima transaksi Ref 20230807135601239809 IDR70110002.exe
- Size
  
  573KB
- MD5
  
  5aa44e58f06c7cd2252a498032d1337c
- SHA1
  
  67b83d2b3c7d8b8b88ac6ad5ce0c862b5ca63b15
- SHA256
  
  e654b958d21819ddbad7d3e8f2cf03bfee47309b72a6ad8d57d898b0989805e1
- SHA512
  
  9a27b4c11a85cf4662b2ec7eb7610b5978437d91d19ccd5a4d483687cfd7c58bea910edded7d16b579c6b0d87d4ac15a708b447cbabd162c02f8df6f0221e8c4
- SSDEEP
  
  12288:3qc6LVhq8a2hOvMeVkreQ8orEZj6b9bne8Ql96:6c6Z9XHeVkrIqEZj6Jem
Score

10^/10

formbook jr22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookjr22ratspywarestealertrojan